diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index cca867e7e..6e59f5f38 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -237,7 +237,6 @@ def start():
 else:
 raise sqlmapNotVulnerableException, "all parameters are not injectable"
- return
 if injDataSelected == "Quit":
 return
@@ -246,7 +245,7 @@ def start():
 kb.injPlace, kb.injParameter, kb.injType = injDataSelected
 setInjection()
- elif kb.injPlace and kb.injParameter and kb.injType:
+ if kb.injPlace and kb.injParameter and kb.injType:
 if conf.multipleTargets:
 message = "do you want to exploit this SQL injection? [Y/n] "
 exploit = readInput(message, default="Y")
diff --git a/lib/core/option.py b/lib/core/option.py
index f3182cdb9..694a2154c 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -957,6 +957,7 @@ def __setConfAttributes():
 conf.path = None
 conf.port = None
 conf.progressWidth = 54
+ conf.redirectHandled = False
 conf.retriesCount = 0
 conf.scheme = None
 #conf.seqMatcher = difflib.SequenceMatcher(lambda x: x in " \t")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3742bf521..efe549579 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -31,6 +31,7 @@ import urlparse
 import traceback
 from lib.contrib import multipartpost
+from lib.core.common import readInput
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -125,12 +126,24 @@ class Connect:
 req = urllib2.Request(url, post, headers)
 conn = urllib2.urlopen(req)
- if hasattr(conn, "redurl"):
- infoMsg = "connection redirected, going to use "
- infoMsg += "%s as target address" % conn.redurl
- logger.info(infoMsg)
+ if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
+ msg = "sqlmap got a %d redirect to " % conn.redcode
+ msg += "%s - What target address do you " % conn.redurl
+ msg += "want to use from now on? %s " % conf.url
+ msg += "(default) or provide another target address based "
+ msg += "also on the redirection got from the application\n"
- conf.url = conn.redurl
+ while True:
+ choice = readInput(msg, default="1")
+
+ if not choice or choice == "1":
+ pass
+ else:
+ conf.url = choice
+
+ break
+
+ conf.redirectHandled = True
 return Connect.__getPageProxy(**kwargs)
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index e775b58f0..c0ba766f0 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
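Review bot: In lib/request/connect.py the `while True:` around `readInput` appears to hit `break` on its first pass (the indentation is flattened on this page), so it never re-prompts, and any answer other than empty or `1` is stored in `conf.url` with no check that it is a usable address. If re-asking was the intent, validate before leaving the loop and accept only an absolute http/https URL, as sketched below; the prompt text should also tell the user that `1` keeps the current target. The earlier `logger.info` line about the redirect was dropped and `conf.redirectHandled` mutes every later redirect in the run, so a log entry per redirect would keep off-target hops visible. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: redirect check and msg construction …
while True:
    choice = readInput(msg, default="1")

    if not choice or choice == "1":
        break

    # only an absolute http(s) address may replace the target
    parts = urlparse.urlsplit(choice)
    if parts.scheme in ("http", "https") and parts.netloc:
        conf.url = choice
        break

    logger.warn("'%s' is not a valid target address" % choice)

conf.redirectHandled = True
```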
@@ -25,22 +25,20 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import urllib2
 class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
- def http_error_301(self, req, fp, code, msg, headers):
- result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
-
+ def common_http_redirect(self, result, headers, code):
 if "location" in headers:
 result.redurl = headers.getheaders("location")[0].split("?")[0]
 elif "uri" in headers:
 result.redurl = headers.getheaders("uri")[0].split("?")[0]
+ result.redcode = code
+
 return result
+ def http_error_301(self, req, fp, code, msg, headers):
+ result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
+ return self.common_http_redirect(result, headers, code)
+
 def http_error_302(self, req, fp, code, msg, headers):
 result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
-
- if "location" in headers:
- result.redurl = headers.getheaders("location")[0].split("?")[0]
- elif "uri" in headers:
- result.redurl = headers.getheaders("uri")[0].split("?")[0]
-
- return result
+ return self.common_http_redirect(result, headers, code)
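Review bot: Only `http_error_301` and `http_error_302` route through `common_http_redirect`, so 303 and 307 responses are still followed by the inherited `urllib2.HTTPRedirectHandler` methods without `redurl`/`redcode` being set, and the new prompt in connect.py never fires for them. Adding `http_error_303 = http_error_307 = http_error_302` after the last method would tag those redirects as well. `common_http_redirect` also has no docstring; a one-liner such as `"""Attach the redirect target (query string stripped) and status code to the response."""` would state what it records. The class may continue past the end of the hunk.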