Implementation for #2351

lib/core/enums.py

@@ -176,6 +176,7 @@ class HTTP_HEADER:
     PROXY_CONNECTION = "Proxy-Connection"
     RANGE = "Range"
     REFERER = "Referer"
+    REFRESH = "Refresh"  # Reference: http://stackoverflow.com/a/283794
     SERVER = "Server"
     SET_COOKIE = "Set-Cookie"
     TRANSFER_ENCODING = "Transfer-Encoding"

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.1.8"
+VERSION = "1.1.1.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/connect.py

@@ -475,7 +475,7 @@ class Connect(object):
                     return conn, None, None
 
                 # Get HTTP response
-                if hasattr(conn, 'redurl'):
+                if hasattr(conn, "redurl"):
                     page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
                     else Connect._connReadProxy(conn)) if not skipRead else None
                     skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
@@ -491,37 +491,41 @@ class Connect(object):
 
             kb.connErrorCounter = 0
 
-            if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing:
+            if not refreshing:
-                refresh = extractRegexResult(META_REFRESH_REGEX, page)
+                refresh = headers.get(HTTP_HEADER.REFRESH)
 
-                debugMsg = "got HTML meta refresh header"
+                if extractRegexResult(META_REFRESH_REGEX, page):
-                logger.debug(debugMsg)
+                    refresh = extractRegexResult(META_REFRESH_REGEX, page)
 
-                if kb.alwaysRefresh is None:
+                    debugMsg = "got HTML meta refresh header"
-                    msg = "sqlmap got a refresh request "
+                    logger.debug(debugMsg)
-                    msg += "(redirect like response common to login pages). "
-                    msg += "Do you want to apply the refresh "
-                    msg += "from now on (or stay on the original page)? [Y/n]"
-                    choice = readInput(msg, default="Y")
 
-                    kb.alwaysRefresh = choice not in ("n", "N")
+                if refresh:
+                    if kb.alwaysRefresh is None:
+                        msg = "sqlmap got a refresh request "
+                        msg += "(redirect like response common to login pages). "
+                        msg += "Do you want to apply the refresh "
+                        msg += "from now on (or stay on the original page)? [Y/n]"
+                        choice = readInput(msg, default="Y")
 
-                if kb.alwaysRefresh:
+                        kb.alwaysRefresh = choice not in ("n", "N")
-                    if re.search(r"\Ahttps?://", refresh, re.I):
-                        url = refresh
-                    else:
-                        url = urlparse.urljoin(url, refresh)
 
-                    threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
+                    if kb.alwaysRefresh:
-                    kwargs['refreshing'] = True
+                        if re.search(r"\Ahttps?://", refresh, re.I):
-                    kwargs['url'] = url
+                            url = refresh
-                    kwargs['get'] = None
+                        else:
-                    kwargs['post'] = None
+                            url = urlparse.urljoin(url, refresh)
 
-                    try:
+                        threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
-                        return Connect._getPageProxy(**kwargs)
+                        kwargs["refreshing"] = True
-                    except SqlmapSyntaxException:
+                        kwargs["url"] = url
-                        pass
+                        kwargs["get"] = None
+                        kwargs["post"] = None
+
+                        try:
+                            return Connect._getPageProxy(**kwargs)
+                        except SqlmapSyntaxException:
+                            pass
 
             # Explicit closing of connection object
             if conn and not conf.keepAlive:

txt/checksum.md5

@@ -34,7 +34,7 @@ a8143dab9d3a27490f7d49b6b29ea530  lib/core/data.py
 47eecd5499eaa15e931793e1d1ac3566  lib/core/defaults.py
 4029f6869b36eb5f796c2bcc948f4fae  lib/core/dicts.py
 77edcfd3d7c5522bb64baf59ac23a047  lib/core/dump.py
-0c0f18761e9bb61d289bfa884dcd7dbd  lib/core/enums.py
+18554d2eafd721a2b92dcfd202b9a0ab  lib/core/enums.py
 9381a0c7e8bc19986299e84f4edda1a0  lib/core/exception.py
 310efc965c862cfbd7b0da5150a5ad36  lib/core/__init__.py
 9ba39bf66e9ecd469446bdbbeda906c3  lib/core/log.py
@@ -45,7 +45,7 @@ e544108e2238d756c94a240e8a1ce061  lib/core/optiondict.py
 d8e9250f3775119df07e9070eddccd16  lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2  lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9  lib/core/session.py
-28f22f49a65ab96922496c2bdd36ee8f  lib/core/settings.py
+d943f8318b1adbd51c7859d04d0b6eda  lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6  lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20  lib/core/subprocessng.py
 afd0636d2e93c23f4f0a5c9b6023ea17  lib/core/target.py
@@ -67,7 +67,7 @@ a0444cc351cd6d29015ad16d9eb46ff4  lib/parse/sitemap.py
 403d873f1d2fd0c7f73d83f104e41850  lib/request/basicauthhandler.py
 6d04ee525e75bf0082e9f1f6d8506546  lib/request/basic.py
 4e89d0e13de2eb3576f5412b21e9b648  lib/request/comparison.py
-30d7b0df341762c5aa7aab537878ce05  lib/request/connect.py
+745fb024ccea7d13c36e83aecedf28a9  lib/request/connect.py
 fb6b788d0016ab4ec5e5f661f0f702ad  lib/request/direct.py
 cc1163d38e9b7ee5db2adac6784c02bb  lib/request/dns.py
 5dcdb37823a0b5eff65cd1018bcf09e4  lib/request/httpshandler.py