now union technique parses headers too

lib/core/settings.py

@@ -205,3 +205,6 @@ BURP_SPLITTER = "======================================================"
 
 # Encoding used for Unicode data
 UNICODE_ENCODING = "utf8"
+
+# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
+URI_HTTP_HEADER = "URI"

lib/request/connect.py

@@ -40,6 +40,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import MIN_TIME_RESPONSES
+from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
@@ -257,6 +258,7 @@ class Connect:
             try:
                 page = e.read()
                 responseHeaders = e.info()
+                responseHeaders[URI_HTTP_HEADER] = e.geturl()
                 page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
             except socket.timeout:
                 warnMsg  = "connection timed out while trying "

lib/techniques/inband/union/test.py

@@ -11,11 +11,12 @@ import re
 import time
 
 from lib.core.agent import agent
+from lib.core.common import Backend
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
-from lib.core.common import Backend
 from lib.core.common import extractRegexResult
 from lib.core.common import getUnicode
+from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import randomStr
 from lib.core.data import conf
@@ -48,9 +49,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
         payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
 
         # Perform the request
-        resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
+        page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+        content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
 
-        if resultPage and phrase in resultPage:
+        if content and phrase in content:
             validPayload = payload
             vector = (position, count, comment, prefix, suffix, conf.uChar, where)
 
@@ -66,9 +68,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
                 payload = agent.payload(place=place, parameter=parameter, newValue=query, where=2)
 
                 # Perform the request
-                resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
+                page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+                content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
 
-                if resultPage and ((phrase in resultPage and phrase2 not in resultPage) or (phrase not in resultPage and phrase2 in resultPage)):
+                if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):
                     vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
 
             break

lib/techniques/inband/union/use.py

@@ -11,11 +11,12 @@ import re
 import time
 
 from lib.core.agent import agent
-from lib.core.common import calculateDeltaSeconds
 from lib.core.common import Backend
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getUnicode
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
+from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.data import conf
 from lib.core.data import kb
@@ -247,17 +248,19 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
         payload = agent.payload(newValue=query)
 
         # Perform the request
-        resultPage, _ = Request.queryPage(payload, content=True)
+        page, headers = Request.queryPage(payload, content=True, raise404=False)
+        content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
+
         reqCount += 1
 
-        if kb.misc.start not in resultPage or kb.misc.stop not in resultPage:
+        if kb.misc.start not in content or kb.misc.stop not in content:
             return
 
         # Parse the returned page to get the exact inband
         # sql injection output
-        startPosition = resultPage.index(kb.misc.start)
+        startPosition = content.index(kb.misc.start)
-        endPosition = resultPage.rindex(kb.misc.stop) + len(kb.misc.stop)
+        endPosition = content.rindex(kb.misc.stop) + len(kb.misc.stop)
-        value = getUnicode(resultPage[startPosition:endPosition])
+        value = getUnicode(content[startPosition:endPosition])
 
         duration = calculateDeltaSeconds(start)