PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

Fixes #4235

Browse Source
This commit is contained in:
Miroslav Stampar
2020-06-17 20:56:50 +02:00
parent 56ff081314
commit 596fff48ad
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
thirdparty/multipart/multipartpost.py vendored
View File

@@ -23,6 +23,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import io
import mimetypes
import os
import re
import stat
import sys
@@ -67,6 +68,14 @@ class MultipartPostHandler(_urllib.request.BaseHandler):
request.add_unredirected_header("Content-Type", contenttype)
request.data = data
# NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235
if request.data:
for match in re.finditer(r"(?i)\s*-{20,}\w+(\s+Content-Disposition[^\n]+\s+|\-\-\s*)", request.data):
part = match.group(0)
if '\r' not in part:
request.data = request.data.replace(part, part.replace("\n", "\r\n"))
return request
def multipart_encode(self, vars, files, boundary=None, buf=None):