portrule = shortport.service({"http", "https", "afs3-callback", "http-proxy"}) local postdatas = [[ ------WebKitFormBoundary...Content-Disposition: form-data; name="UPLOAD_MODE" 1 ------WebKitFormBoundary Content-Disposition:...form-data; name="P" 1 ------WebKitFormBoundary Content-Disposition: form-data; name="DEST_UID" 1 --...----WebKitFormBoundary Content-Disposition: form-data; name="ATTACHMENT"; filename="jpg" Content-Type...> ------WebKitFormBoundary-- ]] action = function(host, port) local output = stdnse.output_table
form-data方式来请求: POST /login HTTP/1.1 Host: localhost:8080 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="username" felord.cn --...--WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="password" felord.cn ----WebKitFormBoundary7MA4YWxkTrZu0gW...----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="myFile"; filename="/C:/...Users/felord/Desktop/spring-security.pdf" Content-Type: application/pdf (data) ----WebKitFormBoundary7MA4YWxkTrZu0gW
://example.com/testapi HTTP/1.1 Content-Length: 234 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6XncMq0p32KiFnlE...------WebKitFormBoundary6HL7YGChzJuy0cBX Content-Disposition: form-data; name="name" ------WebKitFormBoundary6XncMq0p32KiFnlE...Content-Disposition: form-data; name="name" ball球 ------WebKitFormBoundary6XncMq0p32KiFnlE Content-Disposition...: form-data; name="age" 99 ------WebKitFormBoundary6XncMq0p32KiFnlE-- 注意:数据并未进行urlencode 2.2接收 可以使用$
9j4dqk/war serverName: Weblogic password: Oracle@123 content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...archive: true server_version: 10.3.6.0 wl_upload_delta: true Content-Length: 218 ------WebKitFormBoundary7MA4YWxkTrZu0gW...name="shell.jsp"; filename="shell.jsp" Content-Type: false <% out.print("123456"); %> ------WebKitFormBoundary7MA4YWxkTrZu0gW...9j4dqk/war serverName: Weblogic password: Oracle@123 content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...archive: true server_version: 10.3.6.0 wl_upload_delta: true Content-Length: 218 ------WebKitFormBoundary7MA4YWxkTrZu0gW
HTTP/1.1 // 请求行 // 请求头 Host: 192.168.1.111:8080 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...Cache-Control: no-cache------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name=..."x_coord" 11111 ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="y_coord..." 111 ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="z_coord" 11111...------WebKitFormBoundary7MA4YWxkTrZu0gW-- 上面这个就是编码格式为 form-data 的时候的请求报文的样子。
user HTTP/1.1Host: 127.0.0.1:8086Content-Length: 154Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...------WebKitFormBoundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="user"869455062341318----...--WebKitFormBoundary7MA4YWxkTrZu0gW--总结:如果你只是传输简单的键值对数据,可以选择使用 x-www-form-urlencoded。
Upgrade-Insecure-Requests: 1 Origin: http://192.168.199.202:8090 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9ZTAmucIpsJkBqSw...Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=E798362E7A06CF1087CC58A078F993A4 Connection: close ------WebKitFormBoundary9ZTAmucIpsJkBqSw...Content-Disposition: form-data; name="atl_token" 02b26de790c0e61a3e68012c4b3c4a7ab335556f ------WebKitFormBoundary9ZTAmucIpsJkBqSw...java.lang.ProcessBuilder["(java.lang.String[])"](["touch", "/tmp/CVE-2024-21683"]).start(); ------WebKitFormBoundary9ZTAmucIpsJkBqSw...Content-Disposition: form-data; name="newLanguageName" exp ------WebKitFormBoundary9ZTAmucIpsJkBqSw
1.客户端的请求(requst) 请求头会有:Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5sGoxdCHIEYZKCMC...其中boundary=----WebKitFormBoundary5sGoxdCHIEYZKCMC可看做是分界线 表单中的数据会和请求体对应,比如只有一个标签,里面是字符串...//===================描述String:============== ------WebKitFormBoundary5sGoxdCHIEYZKCMC...KeyName" Content-Type: text/plain;charset="utf-8" [String数据XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] ------WebKitFormBoundary5sGoxdCHIEYZKCMC.../>标签,里面是二进制文件流:file stream //===================描述file:================ ------WebKitFormBoundary5sGoxdCHIEYZKCMC
Cache-Control: no-cache Postman-Token: 033120fe-2185-15d4-e486-75e86e2baddd ------WebKitFormBoundary7MA4YWxkTrZu0gW...Content-Disposition: form-data; name="url" https://www.baidu.com/ ------WebKitFormBoundary7MA4YWxkTrZu0gW...Content-Disposition: form-data; name="name" waffle ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition...------WebKitFormBoundary7MA4YWxkTrZu0gW-- 其中, boundary这个参数是分界线的意思,这个分界线参数具体是什么你可以随意自定义 ,建议定义复杂一点,因为这样子才不会跟请求体中其它字段重复...上面的例子看出分界线=“--”+boundary 每个参数都由分界线分隔开,参数名(二进制数据还需要指明文件类型)和参数值之间有一行空行,这个空行不能省略: ------WebKitFormBoundary7MA4YWxkTrZu0gW
jq ajax文件上传的时候,要小心传到后端不是二进制文件流 重点就是这个设置:contentType: ‘multipart/form-data; boundary=—-WebKitFormBoundary7MA4YWxkTrZu0gW...processData: false, contentType: 'multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
cookie = ""; string token = getUploadToken(cookie); string boundary = "------WebKitFormBoundary5TsAeTVHbPVlsrNh...HttpWebRequest)WebRequest.Create(new Uri("")); req.ContentType = $"multipart/form-data;boundary=----WebKitFormBoundary5TsAeTVHbPVlsrNh
*', 'User-Agent' = 'PostmanRuntime/7.15.2', 'content-type' = 'multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...' )); $request- setBody('------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name...="image"; filename="785da43beca5a474.jpg" Content-Type: image/jpeg ------WebKitFormBoundary7MA4YWxkTrZu0gW...form-data; name=\"image\"; filename=\"785da43beca5a474.jpg\"\r\nContent-Type: image/jpeg\r\n\r\n\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW...PostmanRuntime/7.15.2", "cache-control: no-cache", "content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
/form> 默认的上传文件提交,请求头中的 Content-Type 字段值为multipart/form-data,在 Content-Type 中可能还附带内容分隔符 boundary=----WebKitFormBoundary4Hsing01Izo2AHqv...Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4Hsing01Izo2AHqv 先上传一个JS文件,看看报文主体里面的格式大概是这样的
KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9pQqgBGwpDfftP8l...Accept-Encoding: gzip, deflate Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,zh-TW;q=0.7,da;q=0.6 ------WebKitFormBoundary9pQqgBGwpDfftP8l.../attack.jpg" Content-Type: image/jpeg ------WebKitFormBoundary9pQqgBGwpDfftP8l-- HTML 和 SVG 虽然说 Node.js
Postman-Token: 45479b21-15fa-9232-ab8b-52c7dde8523d Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1s68Wb5ccTHj384y...Accept: */* Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 ------WebKitFormBoundary1s68Wb5ccTHj384y...form-data; name="image"; filename="QQ20141011-2.jpg" Content-Type: image/jpeg ***二进制文件内容*** ------WebKitFormBoundary1s68Wb5ccTHj384y...Content-Disposition: form-data; name="post" man ------WebKitFormBoundary1s68Wb5ccTHj384y Content-Disposition...: form-data; name="oo" xx ------WebKitFormBoundary1s68Wb5ccTHj384y-- Cookie 相关 Header Set-Cookie:响应的
可以看到参数是以payload的形式出现的 第一次看到这种的人估计会一脸懵逼 这个要结合请求中的 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary2KNsyxgtG28t93VF...------WebKitFormBoundary2KNsyxgtG28t93VF 是分割不同参数的,所以可以直接不看他(这个是由上面的Content-Type后面的boundary决定的,可以随便修改)
://192.168.10.104:8080 Upgrade-Insecure-Requests: 1 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7Mqt2T4cA2gNVkCa...Content-Disposition: form-data; name="name" 弑神剑 ------WebKitFormBoundary7Mqt2T4cA2gNVkCa Content-Disposition...: form-data; name="info" 一剑弑神 ------WebKitFormBoundary7Mqt2T4cA2gNVkCa Content-Disposition: form-data...; name="origin" 噬神者 ------WebKitFormBoundary7Mqt2T4cA2gNVkCa Content-Disposition: form-data; name="file...------WebKitFormBoundary7Mqt2T4cA2gNVkCa-- ---- 四、如何使用请求头 上面说了一大堆请求和响应的格式,现在说一下他们的用处 这么想吧:浏览器将请求头发给服务器
KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5YpmA9D3wW207kB7...xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.8 ------WebKitFormBoundary5YpmA9D3wW207kB7...> ------WebKitFormBoundary5YpmA9D3wW207kB7-- 上传处理时将对检测到%00(这里需要对%00进行urldecode)并对.jpg字符串进行截断删除,最终文件名为
度娘了一下WebKitFormBoundary,好像说这个boundary其实不发送也没什么关系。主要是我刚开始写的时候这个boundary默认是空的,结果竟然登录成功了。...WebKitFormBoundary后面那16位大概是大小写字母和数字随机吧。那我就伪造了一下。...: factor = "ABCDEFGHIGKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" boundary = "----WebKitFormBoundary
领取专属 10元无门槛券
手把手带您无忧上云
云服务器
ICP备案
实时音视频
对象存储
云直播
