Improved Multipart Form handling (#5598)

* improved multipart marker

* Improved file field handling in Multipart forms

* improved dumb LF to CRLF converter

lib/core/target.py

@@ -226,7 +226,7 @@ def _setRequestParams():
                 if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
                     conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
                     conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)+--)" % ("\r\n" if "\r\n" in conf.data else '\n'), functools.partial(process, repl=r"\g<1>%s\g<4>" % kb.customInjectionMark), conf.data)
+                    conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)--)" % ("\r\n" if "\r\n" in conf.data else '\n'), lambda match: match.group(1) + (kb.customInjectionMark if 'filename' not in match.group(0) else '') + match.group(4), conf.data)
 
         if not kb.postHint:
             if kb.customInjectionMark in conf.data:  # later processed

thirdparty/multipart/multipartpost.py

@@ -74,6 +74,10 @@ class MultipartPostHandler(_urllib.request.BaseHandler):
                 part = match.group(0)
                 if b'\r' not in part:
                     request.data = request.data.replace(part, part.replace(b'\n', b"\r\n"))
+            for match in re.finditer(b"(Content-Type[^\\n]+[\\n|\\r|\\r\\n]+)",request.data):
+                part = match.group(0)
+                if b'\r' not in part:
+                    request.data = request.data.replace(part, part.replace(b'\n', b"\r\n"))
 
         return request