diff --git a/lib/controller/checks.py b/lib/controller/checks.py index be0fc9f01..b920a7c94 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -73,6 +73,7 @@ from lib.core.settings import BOUNDED_INJECTION_MARKER from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH from lib.core.settings import CHECK_INTERNET_ADDRESS from lib.core.settings import CHECK_INTERNET_VALUE +from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import FI_ERROR_REGEX @@ -1559,6 +1560,15 @@ def checkConnection(suppressOutput=False): kb.originalPage = kb.pageTemplate = threadData.lastPage kb.originalCode = threadData.lastCode + if conf.cj and not conf.cookie and not conf.dropSetCookie: + candidate = DEFAULT_COOKIE_DELIMITER.join("%s=%s" % (_.name, _.value) for _ in conf.cj) + + message = "you have not declared cookie(s), while " + message += "server wants to set its own ('%s'). " % re.sub(r"(=[^=;]{10}[^=;])[^=;]+([^=;]{10})", r"\g<1>...\g<2>", candidate) + message += "Do you want to use those [Y/n] " + if readInput(message, default='Y', boolean=True): + conf.httpHeaders.append((HTTP_HEADER.COOKIE, candidate)) + return True def checkInternet(): diff --git a/lib/core/settings.py b/lib/core/settings.py index 71cce7488..b4e6bf30b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.10.14" +VERSION = "1.3.10.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)