@batman786 said:
@Snoe said:
@dodo said:
Hi! I’ve some problems using pythonrequeststo exploit the initial RCE:
using the same exploit works locally but when sending the payload to the server i get error 500.
I’ve also added the headerapplication/x-www-form-urlencodedto the POST.I need to add something as header?
In exactly the same spot. Would love a nudge on the payload for RCE. Can post and check the result based on the hash. If the *1 string is not found I get a good 200 back with the string; if it is found its 500 each time, but works locally.
no need to add headers …just make a script to automate all required job…
I should have mentioned this is all being done in the same python script, leaving me to think its something to do with the payload encoding in the post request.