sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-25 23:49:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

support for multipart in --eval

Browse Source
This commit is contained in:
Rend 2022-03-07 22:39:16 +03:30
parent a2fcab448c
commit 6196c6a5bc
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/request/connect.py
View File

@ -1367,6 +1367,9 @@ class Connect(object):
found = True found = True
post = post.replace(match.group(0), "%s%s" % (match.group(1), value if value.isdigit() else "%s%s%s" % (match.group(0)[0], value, match.group(0)[0]))) post = post.replace(match.group(0), "%s%s" % (match.group(1), value if value.isdigit() else "%s%s%s" % (match.group(0)[0], value, match.group(0)[0])))
post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote) post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote)
elif kb.postHint == POST_HINT.MULTIPART:
boundary = '--' + re.search(r"boundary=(.*)", contentType).group(1)
post = re.sub(r"(?s)(name=\"%s\"(?:; ?filename=.+?)?\r\n\r\n).*?(%s)" % (name, boundary), r"\g<1>%s\r\n\g<2>" % value.replace('\\', r'\\'), post)
regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name) regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
if not found and re.search(regex, (post or "")): if not found and re.search(regex, (post or "")):