mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Implementation for multipart/eval (#5021)
This commit is contained in:
parent
02ff0eef88
commit
445d69f678
|
@ -20,7 +20,7 @@ from thirdparty import six
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.6.3.8"
|
||||
VERSION = "1.6.3.9"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -1356,7 +1356,27 @@ class Connect(object):
|
|||
found = False
|
||||
value = getUnicode(value, UNICODE_ENCODING)
|
||||
|
||||
if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
|
||||
if kb.postHint == POST_HINT.MULTIPART:
|
||||
boundary = "--%s" % re.search(r"boundary=([^\s]+)", contentType).group(1)
|
||||
if boundary:
|
||||
parts = post.split(boundary)
|
||||
match = re.search(r'\bname="%s"' % re.escape(name), post)
|
||||
if not match and parts:
|
||||
parts.insert(2, parts[1])
|
||||
parts[2] = re.sub(r'\bname="[^"]+".*', 'name="%s"' % re.escape(name), parts[2])
|
||||
for i in xrange(len(parts)):
|
||||
part = parts[i]
|
||||
if re.search(r'\bname="%s"' % re.escape(name), part):
|
||||
match = re.search(r"(?s)\A.+?\r?\n\r?\n", part)
|
||||
if match:
|
||||
found = True
|
||||
first = match.group(0)
|
||||
second = part[len(first):]
|
||||
second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(value), second)
|
||||
parts[i] = "%s%s" % (first, second)
|
||||
post = boundary.join(parts)
|
||||
|
||||
elif kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
|
||||
if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
|
||||
if re.search(r"<%s\b" % re.escape(name), post):
|
||||
found = True
|
||||
|
|
Loading…
Reference in New Issue
Block a user