0140454 / hackbar

A browser extension for Penetration Testing
428 stars 62 forks source link

POST packet has no content #8

Closed is101101 closed 3 years ago

is101101 commented 3 years ago

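hackbar version 0.3.5. Google Chrome is up to date, version 88.0.4324.192 (Official Build) (x86_64). Computer: Mac. After loading the URL, I enabled POST, filled in the Body and sent the request. Capturing the traffic shows that the request method is POST, but no POST data is sent.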

0140454 commented 3 years ago

If enctype is application/x-www-form-urlencoded, there must be at least one equation symbol (=) in the payload.

is101101 commented 3 years ago

Some exploits have no (=), which makes it impossible to use hackbar for them. I hope this can be updated and improved.

is101101 commented 3 years ago

For example: exploiting a file inclusion vulnerability with a PHP pseudo-protocol. url: http://127.0.0.1/index.php?id=php://input post: <?php phpinfo();?> How should hackbar be used in this case?

0140454 commented 3 years ago

Since I don't want to use fetch or XHR and then rewrite the document to show the response, the POST function is implemented by constructing a form element, inserting it into the document and submitting it. Therefore, there must be at least one equation symbol in the payload.

Maybe you will ask me why not implement the POST function by modifying the request body directly? Because Chrome doesn't provide an API to do this.

In conclusion, I think you should use Burp Suite for this situation.
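Added example, not part of the original thread and not hackbar's code: a small model of why a form-based POST cannot reproduce a body that has no `=`. The names `splitFields`, `formWireBody` and the `keepBare` option are hypothetical, and skipping parts without `=` is an assumption chosen to match the empty body the reporter captured.

```javascript
// Added example, not hackbar's code: a model of a form-based POST.
// splitFields, formWireBody and keepBare are hypothetical names.

// A form submits named controls only, so the typed payload has to be
// split into name/value pairs before it can become <input> elements.
function splitFields(payload) {
  return payload.split('&').filter(Boolean).map((part) => {
    const i = part.indexOf('=');
    return i === -1
      ? { name: part, value: '', bare: true } // no '=': nothing to use as value
      : { name: part.slice(0, i), value: part.slice(i + 1), bare: false };
  });
}

// Body the browser would put on the wire for enctype
// application/x-www-form-urlencoded. keepBare=false skips parts without
// '=' (assumption, consistent with the empty body the reporter saw);
// keepBare=true submits them as a name with an empty value.
function formWireBody(payload, keepBare = false) {
  const params = new URLSearchParams();
  for (const f of splitFields(payload)) {
    if (f.bare && !keepBare) continue;
    params.append(f.name, f.value);
  }
  return params.toString();
}

// Constructed sample payloads: one form-shaped, two without '='.
const samples = ['user=alice&role=admin', 'raw-body-without-equals', '{"k":"v"}'];
for (const typed of samples) {
  for (const keepBare of [false, true]) {
    const body = formWireBody(typed, keepBare);
    // identical === true only when the form can carry the payload unchanged.
    console.log(JSON.stringify({ typed, keepBare, body, identical: body === typed }));
  }
}
```

In both modes the payloads without `=` never reach the wire byte-for-byte: they are either dropped or rewritten as `name=` with percent-encoding applied.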

is101101 commented 3 years ago

Understood, thanks.

NEX-S commented 1 year ago

It seems the latest hackbar's RAW MODE allows us to send the POST DATA without =

NEX-S commented 1 year ago

https://github.com/0140454/hackbar/issues/18