We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug Currently sqlmap is trying to mark all fields in multipart forms which is leading to corruption of file contents.
this is dumped by adding print(conf.data) after line 229 of /lib/core/target.py
print(conf.data)
/lib/core/target.py
--AaB03x Content-Disposition: form-data; name="submit-name" Larry* --AaB03x Content-Disposition: form-data; name="files"; filename="file1.txt" Content-Type: text/plain ... contents of file1.txt ...* --AaB03x Content-Disposition: form-data; name="test-name" IDK* --AaB03x Content-Disposition: form-data; name="files" Content-Type: multipart/mixed; boundary=BbC04y * --BbC04y Content-Disposition: file; filename="file1.txt" Content-Type: text/plain ... contents of file1.txt ...* --BbC04y Content-Disposition: file; filename="file2.gif" Content-Type: image/gif Content-Transfer-Encoding: binary ...contents of file2.gif...* --BbC04y-- --AaB03x--
Test file multipart-test.req.txt test file is based on multipart/form-data spec
To Reproduce
Expected behavior Ideally it should only mark submit-name and test-name fields of the test file attached.
submit-name
test-name
--AaB03x Content-Disposition: form-data; name="submit-name" Larry* --AaB03x Content-Disposition: form-data; name="files"; filename="file1.txt" Content-Type: text/plain ... contents of file1.txt ... --AaB03x Content-Disposition: form-data; name="test-name" IDK* --AaB03x Content-Disposition: form-data; name="files" Content-Type: multipart/mixed; boundary=BbC04y --BbC04y Content-Disposition: file; filename="file1.txt" Content-Type: text/plain ... contents of file1.txt ... --BbC04y Content-Disposition: file; filename="file2.gif" Content-Type: image/gif Content-Transfer-Encoding: binary ...contents of file2.gif... --BbC04y-- --AaB03x--
Running environment:
The text was updated successfully, but these errors were encountered:
thats being bug for years
Sorry, something went wrong.
fixed multipart form handling issue (#5602) (#5603)
9c1879b
fixed multipart form handling issue (sqlmapproject#5602) (sqlmapproje…
6041837
…ct#5603)
No branches or pull requests
Describe the bug
Currently sqlmap is trying to mark all fields in multipart forms which is leading to corruption of file contents.
this is dumped by adding
print(conf.data)
after line 229 of/lib/core/target.py
Test file
multipart-test.req.txt
test file is based on multipart/form-data spec
To Reproduce
Expected behavior
Ideally it should only mark
submit-name
andtest-name
fields of the test file attached.Running environment:
The text was updated successfully, but these errors were encountered: