Incorrect payload location marking in Multipart forms

[rohitkumarankam]

Describe the bug Currently sqlmap is trying to mark all fields in multipart forms which is leading to corruption of file contents.

this is dumped by adding print(conf.data) after line 229 of /lib/core/target.py

--AaB03x
Content-Disposition: form-data; name="submit-name"

Larry*
--AaB03x
Content-Disposition: form-data; name="files"; filename="file1.txt"
Content-Type: text/plain

... contents of file1.txt ...*
--AaB03x
Content-Disposition: form-data; name="test-name"

IDK*
--AaB03x
Content-Disposition: form-data; name="files"
Content-Type: multipart/mixed; boundary=BbC04y
*
--BbC04y
Content-Disposition: file; filename="file1.txt"
Content-Type: text/plain

... contents of file1.txt ...*
--BbC04y
Content-Disposition: file; filename="file2.gif"
Content-Type: image/gif
Content-Transfer-Encoding: binary

...contents of file2.gif...*
--BbC04y--
--AaB03x--

Test file multipart-test.req.txt test file is based on multipart/form-data spec

To Reproduce

1. Run 'sqlmap -r multipart-test.req.txt'

Expected behavior Ideally it should only mark submit-name and test-name fields of the test file attached.

--AaB03x
Content-Disposition: form-data; name="submit-name"

Larry*
--AaB03x
Content-Disposition: form-data; name="files"; filename="file1.txt"
Content-Type: text/plain

... contents of file1.txt ...
--AaB03x
Content-Disposition: form-data; name="test-name"

IDK*
--AaB03x
Content-Disposition: form-data; name="files"
Content-Type: multipart/mixed; boundary=BbC04y

--BbC04y
Content-Disposition: file; filename="file1.txt"
Content-Type: text/plain

... contents of file1.txt ...
--BbC04y
Content-Disposition: file; filename="file2.gif"
Content-Type: image/gif
Content-Transfer-Encoding: binary

...contents of file2.gif...
--BbC04y--
--AaB03x--

Running environment:

• sqlmap version: 1.8.1.2#dev
• Installation method: git
• Operating system: macOS 14.2.1 23C71 arm64
• Python version: 3.9.6

[mastercho]

thats being bug for years