sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-21 17:16:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #4235

Browse Source
This commit is contained in:
Miroslav Stampar 2020-06-17 20:56:50 +02:00
parent 56ff081314
commit 596fff48ad
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.6.10"
VERSION = "1.4.6.11"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

9
thirdparty/multipart/multipartpost.py vendored
View File

@ -23,6 +23,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import io
import mimetypes
import os
import re
import stat
import sys
@ -67,6 +68,14 @@ class MultipartPostHandler(_urllib.request.BaseHandler):
request.add_unredirected_header("Content-Type", contenttype)
request.data = data
# NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235
if request.data:
for match in re.finditer(r"(?i)\s*-{20,}\w+(\s+Content-Disposition[^\n]+\s+|\-\-\s*)", request.data):
part = match.group(0)
if '\r' not in part:
request.data = request.data.replace(part, part.replace("\n", "\r\n"))
return request
def multipart_encode(self, vars, files, boundary=None, buf=None):