How to properly use cURL --data-binary to send a request payload
This question is out of pure curiosity. I know I can send multipart formposts using curl's --form/-F option. However, I was curious to see if the same can be done with the --data-binary option? For example, if I run the following script to send a request to a PortSwigger Lab titled Web shell upload via Content-Type restriction bypass:
#!/usr/bin/env zsh
printf "\nsending request method: POST ..\n"
curl -X POST \
"https://0a0b0059048a431b81ed7643003d0052.web-security-academy.net/my-account/avatar" \
-H 'Host: 0a0b0059048a431b81ed7643003d0052.web-security-academy.net' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.5' \
-H 'Accept-Encoding: gzip, deflate, br' \
-H 'Content-Type: multipart/form-data' \
-H 'Content-Length: 38849' \
-H 'Origin: https://0a0b0059048a431b81ed7643003d0052.web-security-academy.net' \
-H 'Connection: keep-alive' \
-H 'Referer: https://0a0b0059048a431b81ed7643003d0052.web-security-academy.net/my-account' \
-H 'Cookie: session=whnYtIxrymdpB2B0GfAmcHSL0JZ7PHYd' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-User: ?1' \
--data-binary '@./reqsPayload.txt' \
--compressed -i > resp.txt
I get this response:
sending request method: POST ..
Warning: Couldn't read data from file "reqsPayload.txt", this makes an empty
Warning: POST.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 46 100 46 0 0 18 0 0:00:02 0:00:02 --:--:-- 18
displaying response: filtered ..
HTTP/2 400
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
content-encoding: gzip
content-length: 46
"Missing parameter 'csrf'"
Note: the file reqsPayload.txt contains the following request payload:
-----------------------------56824688216260865592753826511
Content-Disposition: form-data; name="avatar"; filename="file.jpg"
Content-Type: image/jpeg
./path/to/file.jpg
-----------------------------56824688216260865592753826511
Content-Disposition: form-data; name="user"
wiener
-----------------------------56824688216260865592753826511
Content-Disposition: form-data; name="csrf"
tOIh5UdsjYqWPRyc7ZKpwYysD3EDdfUF
-----------------------------56824688216260865592753826511--
What am I missing? I can clearly see the csrf token, even though the response includes "Missing parameter 'csrf'". And how do I fix the other response Warning: Couldn't read data from file "reqsPayload.txt"?
Cheers.
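
A hand-built body works with --data-binary only if the Content-Type header carries a boundary parameter matching the body's delimiter lines (each is "--" plus the boundary), every line ends in CRLF, and the file's bytes rather than its path are embedded. The following is an added example, not part of the original post; the function names, boundary and field values are constructed, and the URL is a caller-supplied argument.

```shell
#!/bin/sh
# Added example: hand-build a multipart/form-data body for curl --data-binary.
# Field names (avatar, user, csrf) are from the post; all values are constructed.

# build_multipart BOUNDARY OUTFILE UPLOAD USER CSRF
build_multipart() {
  b=$1; out=$2; upload=$3
  [ -r "$upload" ] || { echo "cannot read $upload" >&2; return 1; }
  {
    # Delimiter lines are "--" + boundary; every line ends in CRLF and a
    # blank line separates each part's headers from its content.
    printf '%s\r\n' "--$b"
    printf 'Content-Disposition: form-data; name="avatar"; filename="%s"\r\n' "${upload##*/}"
    printf 'Content-Type: image/jpeg\r\n\r\n'
    cat "$upload"                       # the file's bytes, not its path
    printf '\r\n%s\r\n' "--$b"
    printf 'Content-Disposition: form-data; name="user"\r\n\r\n%s\r\n' "$4"
    printf '%s\r\n' "--$b"
    printf 'Content-Disposition: form-data; name="csrf"\r\n\r\n%s\r\n' "$5"
    printf '%s\r\n' "--$b--"            # closing delimiter
  } > "$out"
}

# check_multipart BOUNDARY BODYFILE -> 0 ok, 1 unreadable, 2 bad first line, 3 bad last line
check_multipart() {
  cr=$(printf '\r')
  [ -r "$2" ] || return 1               # the case curl warns about: empty POST
  [ "$(head -n 1 "$2")" = "--$1$cr" ] || return 2
  [ "$(tail -n 1 "$2")" = "--$1--$cr" ] || return 3
}

# send_multipart URL BOUNDARY BODYFILE [extra curl args, e.g. -H 'Cookie: ...']
# Defined but not called here; URL is supplied by the caller.
send_multipart() {
  url=$1; sb=$2; body=$3; shift 3
  check_multipart "$sb" "$body" || return
  # Header boundary must equal the body's; curl computes Content-Length itself.
  curl -sS -i -H "Content-Type: multipart/form-data; boundary=$sb" \
       --data-binary "@$body" "$@" "$url"
}

# Constructed demo: a 4-byte stand-in for the image and made-up field values.
demo_dir=$(mktemp -d)
printf 'JPEG' > "$demo_dir/file.jpg"
BOUNDARY='----example-boundary-0123456789'
build_multipart "$BOUNDARY" "$demo_dir/body.bin" "$demo_dir/file.jpg" wiener CONSTRUCTED_TOKEN
check_multipart "$BOUNDARY" "$demo_dir/body.bin" && echo "body OK"
```

The "Couldn't read data from file" warning corresponds to return code 1 of `check_multipart`: curl resolves the `@` path relative to the directory the script is run from and sends an empty POST when it cannot open it.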