A basic tool for exploiting vulnerable file uploads. WIP: main functionality is complete, but options such as passing cookies and other form data still need to be added.
witchdocsec 6bab1015a7
Update expload.py
added double extension method and the ability to pass cookies and headers
2024-09-24 20:34:36 +01:00
exploadlib Update parse.py 2024-09-21 12:03:20 +01:00
README.md Update README.md 2024-09-20 10:56:58 +01:00
expload.py Update expload.py 2024-09-24 20:34:36 +01:00
r.txt Create r.txt 2024-09-21 12:02:46 +01:00

README.md

Expload

what is expload

A tool for injecting the magic bytes of allowed file types and spoofing the MIME type, in order to exploit vulnerable file upload forms that use these as their sole validation mechanism.
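
For the defending side, the sketch below contrasts the check described above with a stricter one, narrowed to PNG uploads. It is an added example, not part of expload or its README; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
import uuid
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def weak_check(content_type, data):
    """The sole validation the README describes: client MIME type plus magic bytes."""
    return content_type == "image/png" and data.startswith(PNG_MAGIC)

def png_is_well_formed(data):
    """Walk every chunk: IHDR first, CRCs valid, IEND last with no trailing bytes."""
    if not data.startswith(PNG_MAGIC):
        return False
    pos, first = len(PNG_MAGIC), True
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):
            return False
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if (first and ctype != b"IHDR") or zlib.crc32(data[pos + 4:end - 4]) != crc:
            return False
        first = False
        if ctype == b"IEND":
            return end == len(data)
        pos = end
    return False

def strict_check(filename, data):
    """Return a server-generated storage name, or None to reject the upload."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    stem, dot, ext = name.partition(".")
    # Exactly one extension, on the allowlist (rejects a.php.png and a.png.php).
    if not stem or dot != "." or ext != "png":
        return None
    # Valid chunks can still hold arbitrary bytes, so the client's filename and
    # Content-Type are never trusted; re-encoding the image is stronger still.
    return uuid.uuid4().hex + ".png" if png_is_well_formed(data) else None

def _chunk(ctype, body=b""):
    """Build one PNG chunk (used only for the constructed samples below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a chunk-valid PNG skeleton (no IDAT) and a magic-bytes-only blob.
GOOD_PNG = PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + _chunk(b"IEND")
SPOOFED = PNG_MAGIC + b"constructed non-image bytes"
```

`weak_check` accepts `SPOOFED` while `strict_check` rejects it, and also rejects the well-formed sample when it arrives under a double extension.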

usage

expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME

expload args

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     url to upload to
  -p PAYLOAD, --payload PAYLOAD
                        path to file to upload
  -e EXT, --ext EXT     extension to spoof
  -n NAME, --name NAME  field name for file upload
  -f FILENAME, --filename FILENAME
                        file name to upload with