malectricasoftware
/
expload
mirror of https://github.com/malectricasoftware/expload.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
expload/README.md

1.2 KiB
Raw Blame History

Expload

image

what is expload

A tool for injecting magic bytes of allowed files, and spoofing the mime type. In order to exploit vulnerable file upload forms that use these as the sole validation mechanism

useage

expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME [-d] [-h2] [-he HEADERS [HEADERS ...]] [-c COOKIES] [-r]

expload args

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     url to upload to
  -p PAYLOAD, --payload PAYLOAD
                        path to file to upload
  -e EXT, --ext EXT     extension to spoof
  -n NAME, --name NAME  field name for file upload
  -f FILENAME, --filename FILENAME
                        file name to upload with
  -d, --doubleextend    spoofed extension inserted into filename
  -h2, --http2          use http2 if supported
  -he HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
                        headers and keys colon seperated
  -c COOKIES, --cookies COOKIES
                        cookies seperated by ; and wrapped in quotes
  -r, --response        display the response from the target webapp