From 3f17dc4747509e0bd72cdc8882faf767c19912e8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Feb 2020 13:48:22 +0100 Subject: [PATCH] Fixes #4113 --- lib/core/common.py | 9 +++++++-- lib/core/settings.py | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index ef014b378..ca9b9f51b 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1661,13 +1661,13 @@ def parseTargetUrl(): else: conf.parameters[PLACE.GET] = urldecode(urlSplit.query, spaceplus=not conf.base64Parameter) if urlSplit.query and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in urlSplit.query else urlSplit.query - if (intersect(REFERER_ALIASES, conf.testParameter, True) or conf.level >= 3) and not any(_[0] == HTTP_HEADER.REFERER for _ in conf.httpHeaders): + if (intersect(REFERER_ALIASES, conf.testParameter, True) or conf.level >= 3) and not any(_[0].upper() == HTTP_HEADER.REFERER.upper() for _ in conf.httpHeaders): debugMsg = "setting the HTTP Referer header to the target URL" logger.debug(debugMsg) conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.REFERER] conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(kb.customInjectionMark, ""))) - if (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5) and not any(_[0] == HTTP_HEADER.HOST for _ in conf.httpHeaders): + if (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5) and not any(_[0].upper() == HTTP_HEADER.HOST.upper() for _ in conf.httpHeaders): debugMsg = "setting the HTTP Host header to the target URL" logger.debug(debugMsg) conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.HOST] @@ -5169,6 +5169,11 @@ def parseRequestFile(reqFile, checkParams=True): key, value = line.split(":", 1) value = value.strip().replace("\r", "").replace("\n", "") + # Note: overriding values with --headers '...' + match = re.search(r"(?i)\b(%s): ([^\n]*)" % re.escape(key), conf.headers or "") + if match: + key, value = match.groups() + # Cookie and Host headers if key.upper() == HTTP_HEADER.COOKIE.upper(): cookie = value diff --git a/lib/core/settings.py b/lib/core/settings.py index e62fd06fd..125db70d6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.2.36" +VERSION = "1.4.2.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)