@dodo said:
Hi! I’ve some problems using pythonrequests
to exploit the initial RCE:
using the same exploit works locally but when sending the payload to the server i get error 500.
I’ve also added the headerapplication/x-www-form-urlencoded
to the POST.I need to add something as header?
In exactly the same spot. Would love a nudge on the payload for RCE. Can post and check the result based on the hash. If the *1 string is not found I get a good 200 back with the string; if it is found its 500 each time, but works locally.