From 121f0376ea5942a33ba5a5235039607d71b9148f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 16 Jan 2017 14:29:23 +0100 Subject: [PATCH] Implementation for #2351 --- lib/core/enums.py | 1 + lib/core/settings.py | 2 +- lib/request/connect.py | 56 ++++++++++++++++++++++-------------------- txt/checksum.md5 | 6 ++--- 4 files changed, 35 insertions(+), 30 deletions(-) diff --git a/lib/core/enums.py b/lib/core/enums.py index 30a6678a0..36e03cf06 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -176,6 +176,7 @@ class HTTP_HEADER: PROXY_CONNECTION = "Proxy-Connection" RANGE = "Range" REFERER = "Referer" + REFRESH = "Refresh" # Reference: http://stackoverflow.com/a/283794 SERVER = "Server" SET_COOKIE = "Set-Cookie" TRANSFER_ENCODING = "Transfer-Encoding" diff --git a/lib/core/settings.py b/lib/core/settings.py index 87aef348c..20338163e 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.1.8" +VERSION = "1.1.1.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 41a18e007..8962ecfe8 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -475,7 +475,7 @@ class Connect(object): return conn, None, None # Get HTTP response - if hasattr(conn, 'redurl'): + if hasattr(conn, "redurl"): page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\ else Connect._connReadProxy(conn)) if not skipRead else None skipLogTraffic = kb.redirectChoice == REDIRECTION.NO 
@@ -491,37 +491,41 @@ class Connect(object): kb.connErrorCounter = 0 - if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing: - refresh = extractRegexResult(META_REFRESH_REGEX, page) + if not refreshing: + refresh = headers.get(HTTP_HEADER.REFRESH) - debugMsg = "got HTML meta refresh header" - logger.debug(debugMsg) + if extractRegexResult(META_REFRESH_REGEX, page): + refresh = extractRegexResult(META_REFRESH_REGEX, page) - if kb.alwaysRefresh is None: - msg = "sqlmap got a refresh request " - msg += "(redirect like response common to login pages). " - msg += "Do you want to apply the refresh " - msg += "from now on (or stay on the original page)? [Y/n]" - choice = readInput(msg, default="Y") + debugMsg = "got HTML meta refresh header" + logger.debug(debugMsg) - kb.alwaysRefresh = choice not in ("n", "N") + if refresh: + if kb.alwaysRefresh is None: + msg = "sqlmap got a refresh request " + msg += "(redirect like response common to login pages). " + msg += "Do you want to apply the refresh " + msg += "from now on (or stay on the original page)? 
[Y/n]" + choice = readInput(msg, default="Y") - if kb.alwaysRefresh: - if re.search(r"\Ahttps?://", refresh, re.I): - url = refresh - else: - url = urlparse.urljoin(url, refresh) + kb.alwaysRefresh = choice not in ("n", "N") - threadData.lastRedirectMsg = (threadData.lastRequestUID, page) - kwargs['refreshing'] = True - kwargs['url'] = url - kwargs['get'] = None - kwargs['post'] = None + if kb.alwaysRefresh: + if re.search(r"\Ahttps?://", refresh, re.I): + url = refresh + else: + url = urlparse.urljoin(url, refresh) - try: - return Connect._getPageProxy(**kwargs) - except SqlmapSyntaxException: - pass + threadData.lastRedirectMsg = (threadData.lastRequestUID, page) + kwargs["refreshing"] = True + kwargs["url"] = url + kwargs["get"] = None + kwargs["post"] = None + + try: + return Connect._getPageProxy(**kwargs) + except SqlmapSyntaxException: + pass # Explicit closing of connection object if conn and not conf.keepAlive: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b019c5611..db74a249b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -34,7 +34,7 @@ a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py 47eecd5499eaa15e931793e1d1ac3566 lib/core/defaults.py 4029f6869b36eb5f796c2bcc948f4fae lib/core/dicts.py 77edcfd3d7c5522bb64baf59ac23a047 lib/core/dump.py -0c0f18761e9bb61d289bfa884dcd7dbd lib/core/enums.py +18554d2eafd721a2b92dcfd202b9a0ab lib/core/enums.py 9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py 310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py 9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py 
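Review bot: In the `lib/request/connect.py` hunk at `@@ -491,37 +491,41 @@`, `refresh = headers.get(HTTP_HEADER.REFRESH)` treats the raw header value as a URL, but a `Refresh` header normally starts with a delay (`5; url=/login`), so it fails the `\Ahttps?://` test and `urlparse.urljoin(url, refresh)` builds a bogus relative path; a bare delay with no URL does the same. Extract the target before the `if refresh:` check, for example `match = re.search(r"(?i)url\s*=\s*(.+)", headers.get(HTTP_HEADER.REFRESH) or "")` followed by `refresh = match.group(1).strip() if match else None`. `headers` is assigned outside this hunk (the enclosing method starts and ends outside it), so confirm it is the response header mapping and not the request headers built earlier. The "got HTML meta refresh header" debug message is logged only on the meta-tag path, so a refresh taken from the header is followed with no trace in the log. Since an absolute URL is accepted as-is while `kwargs` appears to keep the rest of the request settings, a warning when the refresh target's host differs from the original one would help the operator notice requests leaving the intended target.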
@@ -45,7 +45,7 @@ e544108e2238d756c94a240e8a1ce061 lib/core/optiondict.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py -28f22f49a65ab96922496c2bdd36ee8f lib/core/settings.py +d943f8318b1adbd51c7859d04d0b6eda lib/core/settings.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py @@ -67,7 +67,7 @@ a0444cc351cd6d29015ad16d9eb46ff4 lib/parse/sitemap.py 403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py 6d04ee525e75bf0082e9f1f6d8506546 lib/request/basic.py 4e89d0e13de2eb3576f5412b21e9b648 lib/request/comparison.py -30d7b0df341762c5aa7aab537878ce05 lib/request/connect.py +745fb024ccea7d13c36e83aecedf28a9 lib/request/connect.py fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py 5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py