sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-25 15:39:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Improved file field handling in Multipart forms

Browse Source
This commit is contained in:
Rohith Kumar Ankam 2024-01-09 11:58:33 +05:30
parent 855e7af0cd
commit 13e293c733
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/target.py
View File

@ -226,7 +226,7 @@ def _setRequestParams():
if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)--)" % ("\r\n" if "\r\n" in conf.data else '\n'), functools.partial(process, repl=r"\g<1>%s\g<4>" % kb.customInjectionMark), conf.data)
conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)--)" % ("\r\n" if "\r\n" in conf.data else '\n'), lambda match: match.group(1) + (kb.customInjectionMark if 'filename' not in match.group(0) else '') + match.group(4), conf.data)
if not kb.postHint:
if kb.customInjectionMark in conf.data: # later processed