Improved Multipart Form handling #5598
Merged
stamparm merged 3 commits into sqlmapproject:master from rohitkumarankam:master on Jan 9, 2024
Conversation

stamparm (Member) added a commit that referenced this pull request on Jan 9, 2024.

stamparm (Member):

@rohitkumarankam can you please copy-paste the request files and pinpoint what's the current and what's the expected behavior?
rohitkumarankam (Contributor, Author):

testreq.raw.txt, current behavior (look at the course_name field):

```http
POST https://example.com/help_center/send_help_center_query HTTP/1.1
host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------415273848417249099023591489318
content-length: 295
Origin: https://example.com
Connection: keep-alive
Cookie: PHPSESSID=r4cepsk5nkrk2brors14sah119ov0mkt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------415273848417249099023591489318
Content-Disposition: form-data; name="name"

rohit*
-----------------------------415273848417249099023591489318
Content-Disposition: form-data; name="course_name"
*
-----------------------------415273848417249099023591489318--
```

but as per the spec there should be an empty line (CRLF) after the header and before the body. Expected behavior:

```http
POST https://example.com/help_center/send_help_center_query HTTP/1.1
host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------415273848417249099023591489318
content-length: 295
Origin: https://example.com
Connection: keep-alive
Cookie: PHPSESSID=r4cepsk5nkrk2brors14sah119ov0mkt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------415273848417249099023591489318
Content-Disposition: form-data; name="name"

rohit*
-----------------------------415273848417249099023591489318
Content-Disposition: form-data; name="course_name"

*
-----------------------------415273848417249099023591489318--
```

This behavior is fixed through this commit.
stamparm (Member) added a commit that referenced this pull request on Jan 9, 2024.

stamparm (Member):

@rohitkumarankam ok. fixed with latest commit (same as you proposed)
ThisIzAli2 pushed a commit to ThisIzAli2/sqlmap that referenced this pull request on May 4, 2024:

* improved multipart marker
* Improved file field handling in Multipart forms
* improved dumb LF to CRLF converter

ThisIzAli2 pushed a commit to ThisIzAli2/sqlmap that referenced this pull request on May 4, 2024:

…pproject#5599) This reverts commit 93a8828.

ThisIzAli2 pushed a commit to ThisIzAli2/sqlmap that referenced this pull request on May 4, 2024.
Fixes and Improvements in multipart form handling

1. improved multipart marker

before (screenshot): marking at wrong location

after fix (screenshot)

Referring to RFC 2046, multipart forms must have one CRLF between the field header and the field body, but here the multipart field processor is marking at the wrong location in the name field. Fix: in lib/core/target.py line 229

before:

```
(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)+--)
```

after:

```
(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)--)
```

This regex group `((%s)+--)` is trying to match as many CRLFs as possible, but according to the RFC it needs to match one CRLF before `--`; removing `+` will only match one CRLF.

2. Fixed file corruption.

before (screenshot)

after change (screenshot)

Marking file fields is leading to file corruption. Added an if condition to check if the field is a file or not.

3. Improved dumb LF to CRLF converter in case of Multipart file headers.

before (screenshot)

It's not properly converting LF to CRLF in case there is any extra header. To fix this, added the Content-Type header, which is most common.
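The regex change in item 1 above, and the current/expected behaviour rohitkumarankam showed in the thread, as an added example (not sqlmap's own code): it runs the "before" and "after" regex over a constructed multipart body containing a normal field, an empty field and a file part, inserts the `*` marker where group 1 ends, and then parses the result the way a receiving server would, so the reader can see that with `(%s)+--` the marker for an empty field lands inside the part's header block rather than in its value. The body, `mark_fields`, `extract_fields` and the `filename=` check used to skip file parts (my stand-in for the PR's "is this a file field" condition in item 2) are assumptions for the example, not sqlmap's implementation; `%s` is filled with CRLF, the case the PR is about.

```python
import re

# Regex pairs from the PR description, "before" and "after". %s is the line
# ending that gets substituted in; only the final group differs.
BEFORE = r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)+--)"
AFTER = r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)((%s)--)"

EOL = "\r\n"
MARK = "*"  # sqlmap's custom injection mark character

# Constructed multipart body with CRLF endings, modelled on the request in the
# thread: a normal field, an empty field (the case the PR fixes) and a file
# part added here to cover item 2. Not taken from the PR.
BOUNDARY = "---------------------------415273848417249099023591489318"
DELIM = "--" + BOUNDARY
BODY = (
    DELIM + EOL
    + 'Content-Disposition: form-data; name="name"' + EOL
    + EOL
    + "rohit" + EOL
    + DELIM + EOL
    + 'Content-Disposition: form-data; name="course_name"' + EOL
    + EOL                     # blank line that terminates the part headers
    + EOL                     # empty value, then the EOL owned by the next delimiter
    + DELIM + EOL
    + 'Content-Disposition: form-data; name="upload"; filename="notes.txt"' + EOL
    + "Content-Type: text/plain" + EOL
    + EOL
    + "hello" + EOL
    + DELIM + "--" + EOL
)


def mark_fields(body, pattern, eol=EOL, mark=MARK):
    """Append MARK right after group 1 of every match (hypothetical stand-in
    for sqlmap's marker loop). Group 1 is treated as "part header + value",
    so wherever it ends is where a payload would later be injected. Parts
    whose Content-Disposition carries filename= are left untouched; that is
    my reading of the PR's file-field check, not the project's code."""
    regex = re.compile(pattern % eol)
    out = body
    for m in regex.finditer(body):
        header_line = m.group(1).split(eol, 1)[0]
        if "filename=" in header_line:
            continue
        out = out.replace(m.group(1), m.group(1) + mark, 1)
    return out


def extract_fields(body, boundary, eol=EOL):
    """Receiver's view of the body: {name: (extra header lines, value)}.

    Splits on the delimiter and then, as RFC 2046 requires, on the first
    blank line of each part. Anything before that blank line is a header,
    so a marker placed before it never reaches the field value."""
    delim = "--" + boundary
    fields = {}
    for chunk in body.split(delim)[1:]:  # [0] is the (empty) preamble
        if chunk.startswith("--"):
            break                        # closing delimiter
        chunk = chunk[len(eol):]         # EOL that follows the delimiter
        headers, _, value = chunk.partition(eol + eol)
        if value.endswith(eol):
            value = value[:-len(eol)]    # EOL that belongs to the next delimiter
        lines = headers.split(eol)
        name = re.search(r'name="([^"]*)"', lines[0]).group(1)
        fields[name] = (lines[1:], value)
    return fields


if __name__ == "__main__":
    for label, pattern in (("before", BEFORE), ("after", AFTER)):
        print(label, extract_fields(mark_fields(BODY, pattern), BOUNDARY))
```

With the "before" regex the empty `course_name` part comes out as headers `['*']` and value `''`: the marker sits where the blank line should be, which is exactly the "current behavior" request above. With the "after" regex the value is `'*'`, the non-empty `name` field reads `rohit*` in both cases, and the file part is untouched.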