上传APK检测ZipperDown漏洞是否存在

  • 内容
  • 相关
# -*- coding: utf-8 -*-
from selenium import webdriver
import os
import time
import urllib2
import base64
import json


def post_upload(file_path):

    file_size = os.path.getsize(file_path)    # 获取文件大小
    filename = os.path.basename(file_path)    # 获取文件名

    boundary = '----------%s' % "WebKitFormBoundar"+base64.b64encode(hex(int(time.time() * 1000))).rstrip('=')
    data = []
    data.append('--%s' % boundary)

    data.append('Content-Disposition: form-data; name="%s"\r\n' % 'id')
    data.append('WU_FILE_0')
    data.append('--%s' % boundary)
    data.append('Content-Disposition: form-data; name="%s"\r\n' % 'name')
    data.append("%s" % filename)
    data.append('--%s' % boundary)
    data.append('Content-Disposition: form-data; name="%s"\r\n' % 'type')
    data.append('application/vnd.android.package-archive')
    data.append('--%s' % boundary)
    data.append('Content-Disposition: form-data; name="%s"\r\n' % 'lastModifiedDate')
    data.append('Sat Apr 12 2014 05:07:04 GMT+0800 (涓浗鏍囧噯鏃堕棿)')
    data.append('--%s' % boundary)
    data.append('Content-Disposition: form-data; name="%s"\r\n' % 'size')
    data.append("%s" % file_size)    #文件大小
    data.append('--%s' % boundary)


    fr = open(filename, 'rb')
    data.append('Content-Disposition: form-data; name="file"; filename="%s"' % filename)
    data.append('Content-Type: %s\r\n' % 'application/vnd.android.package-archive')
    data.append(fr.read())
    fr.close()
    data.append('--%s--\r\n' % boundary)

    http_url = 'http://appscan.360.cn/app/upload_zipperdown/'
    http_body = '\r\n'.join(data)
    try:
        # buld http request
        req = urllib2.Request(http_url, data=http_body)
        # header
        req.add_header('Content-Type', 'multipart/form-data; boundary=%s' % boundary)
        req.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36')
        req.add_header('Referer', 'http://appscan.360.cn/tool/')
        # post data to server
        resp = urllib2.urlopen(req, timeout=5)
        # get response
        qrcont = resp.read()
        print qrcont
        return qrcont
    except Exception, e:
        print 'http error'



if __name__ == '__main__':
    file_path = os.getcwd() +"\\1.apk"
    res = post_upload(file_path)
    setting = json.loads(res)

print 'http://appscan.360.cn/'+setting['result']

POST的方式上传文件

本文标签:

版权声明:若无特殊注明,本文皆为《颓废》原创,转载请保留文章出处。

收录状态:[百度已收录] | [360已收录] | [搜狗已收录]

本文链接:上传APK检测ZipperDown漏洞是否存在 - https://www.0dayhack.com/post-861.html

严重声明:本站内容来自于互联网,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规,黑客不是骇客,黑客维护网络安全

发表评论

电子邮件地址不会被公开。 必填项已用*标注