Fixes #4235

stamparm · stamparm · commit 596fff48ad89 · 2020-06-17T20:56:50.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.6.10"
+VERSION = "1.4.6.11"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/thirdparty/multipart/multipartpost.py b/thirdparty/multipart/multipartpost.py
@@ -23,6 +23,7 @@
 import io
 import mimetypes
 import os
+import re
 import stat
 import sys
 
@@ -67,6 +68,14 @@ def http_request(self, request):
                 request.add_unredirected_header("Content-Type", contenttype)
 
             request.data = data
+
+        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235
+        if request.data:
+            for match in re.finditer(r"(?i)\s*-{20,}\w+(\s+Content-Disposition[^\n]+\s+|\-\-\s*)", request.data):
+                part = match.group(0)
+                if '\r' not in part:
+                    request.data = request.data.replace(part, part.replace("\n", "\r\n"))
+
         return request
 
     def multipart_encode(self, vars, files, boundary=None, buf=None):
