sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementation for multipart/eval (#5021)

Browse Source
This commit is contained in:
Miroslav Stampar 2022-03-07 22:05:00 +01:00
parent 02ff0eef88
commit 445d69f678
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.6.3.8" VERSION = "1.6.3.9"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

22
lib/request/connect.py
View File

@ -1356,7 +1356,27 @@ class Connect(object):
found = False found = False
value = getUnicode(value, UNICODE_ENCODING) value = getUnicode(value, UNICODE_ENCODING)
if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""): if kb.postHint == POST_HINT.MULTIPART:
boundary = "--%s" % re.search(r"boundary=([^\s]+)", contentType).group(1)
if boundary:
parts = post.split(boundary)
match = re.search(r'\bname="%s"' % re.escape(name), post)
if not match and parts:
parts.insert(2, parts[1])
parts[2] = re.sub(r'\bname="[^"]+".*', 'name="%s"' % re.escape(name), parts[2])
for i in xrange(len(parts)):
part = parts[i]
if re.search(r'\bname="%s"' % re.escape(name), part):
match = re.search(r"(?s)\A.+?\r?\n\r?\n", part)
if match:
found = True
first = match.group(0)
second = part[len(first):]
second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(value), second)
parts[i] = "%s%s" % (first, second)
post = boundary.join(parts)
elif kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP): if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
if re.search(r"<%s\b" % re.escape(name), post): if re.search(r"<%s\b" % re.escape(name), post):
found = True found = True