From bcea050f226b48d01f7d1df5fdcc40bc14791780 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 6 Sep 2020 23:32:47 +0200 Subject: [PATCH] Fixes #4331 --- lib/core/settings.py | 2 +- lib/request/connect.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f2d45e91b..994d66d35 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.9.4" +VERSION = "1.4.9.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 761fb38b5..e70575e33 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1089,6 +1089,9 @@ class Connect(object): if not match: match = re.search(r"\b(?P%s)\s*=\s*['\"]?(?P[^;'\"]+)" % conf.csrfToken, page or "", re.I) + if not match: + match = re.search(r"%s)[\"']?[^>]+\b(value|content)=[\"']?(?P[^>\"']+)" % conf.csrfToken, page or "", re.I) + if match: token.name, token.value = match.group("name"), match.group("value")