From 50d25c3b4d18794e7caf5bd4ba1b35a1945e47f4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 13 Feb 2011 21:58:48 +0000
Subject: [PATCH] update regarding explicit testing of ua and referer when using -p
---
 lib/controller/controller.py | 6 ++++++
 lib/core/settings.py | 3 +++
 lib/core/target.py | 15 +++++----------
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index a1a9815fa..51706b61f 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -22,6 +22,7 @@ from lib.controller.checks import simpletonCheckSqlInjection
 from lib.core.agent import agent
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getUnicode
+from lib.core.common import intersect
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
@@ -38,6 +39,8 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
+from lib.core.settings import REFERER_ALIASES
+from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
 from extra.pagerank.pagerank import get_pagerank
@@ -309,6 +312,9 @@ def start():
 # Test Cookie header only if --level >= 2
 condition |= (place == PLACE.COOKIE and conf.level < 2)
+ condition &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter))
+ condition &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter))
+
 if condition:
 continue
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 141b7a154..6d3bc3947 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
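Review bot: The two added `condition &= not (...)` lines in start() carry no comment, unlike the Cookie rule directly above them, and because they are applied with `&=` they cancel every skip reason accumulated in `condition` for that place, not only a level-based one. If the intent is simply that an explicit -p request for the header wins over the skip rules, say so next to the code, e.g. `# User-Agent/Referer named explicitly with -p are tested regardless of the skip rules above`. The earlier assignments to `condition` lie outside the hunk, so whether any of them should survive the override cannot be checked from here.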
@@ -147,6 +147,9 @@ SYBASE_ALIASES = [ "sybase", "sybase sql server" ]
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
 SUPPORTED_OS = ( "linux", "windows" )
+REFERER_ALIASES = ( "ref", "referer", "referrer" )
+USER_AGENT_ALIASES = ( "ua", "useragent", "user-agent" )
+
 FROM_TABLE = {
 DBMS.ORACLE: " FROM DUAL",
 DBMS.ACCESS: " FROM MSysObjects",
diff --git a/lib/core/target.py b/lib/core/target.py
index 3124a606b..0bf6f3b88 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -14,6 +14,7 @@ import tempfile
 import time
 from lib.core.common import dataToSessionFile
+from lib.core.common import intersect
 from lib.core.common import paramToDict
 from lib.core.common import readInput
 from lib.core.convert import urldecode
@@ -31,9 +32,11 @@ from lib.core.exception import sqlmapSyntaxException
 from lib.core.option import __setDBMS
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
+from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import URI_INJECTABLE_REGEX
 from lib.core.settings import URI_INJECTION_MARK_CHAR
+from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request
@@ -113,11 +116,7 @@ def __setRequestParams():
 # No need for url encoding/decoding the user agent
 conf.parameters[PLACE.UA] = urldecode(headerValue)
- condition = not conf.testParameter
- condition |= PLACE.UA in conf.testParameter
- condition |= "user-agent" in conf.testParameter
- condition |= "useragent" in conf.testParameter
- condition |= "ua" in conf.testParameter
+ condition = any([not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)])
 if condition:
 conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
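Review bot: The rewritten User-Agent condition in __setRequestParams() drops the old `PLACE.UA in conf.testParameter` test, so the header is now selected only through the three lowercase strings in USER_AGENT_ALIASES. Unless intersect() compares case-insensitively (its body is not part of this patch), a -p value equal to PLACE.UA would no longer match and the header would be silently left out of the run, which reads as a clean result rather than a skipped test. Keeping the explicit check avoids that and also removes the eagerly built list passed to any(): `condition = not conf.testParameter or PLACE.UA in conf.testParameter or intersect(conf.testParameter, USER_AGENT_ALIASES)`. The same applies to the Referer hunk that follows, with PLACE.REFERER, and the two new checks in controller.py start() rely on the same alias-only match.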
@@ -127,11 +126,7 @@ def __setRequestParams():
 # No need for url encoding/decoding the referer
 conf.parameters[PLACE.REFERER] = urldecode(headerValue)
- condition = not conf.testParameter
- condition |= PLACE.REFERER in conf.testParameter
- condition |= "referer" in conf.testParameter
- condition |= "referrer" in conf.testParameter
- condition |= "ref" in conf.testParameter
+ condition = any([not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)])
 if condition:
 conf.paramDict[PLACE.REFERER] = { PLACE.REFERER: headerValue }