now union technique parses headers too

2025-02-03 13:14:13 +03:00 · 2011-01-31 12:41:39 +00:00 · 2011-01-31 12:41:39 +00:00 · 60a2364f2b
commit 60a2364f2b
parent 8ef47307db
4 changed files with 22 additions and 11 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -205,3 +205,6 @@ BURP_SPLITTER = "======================================================"

 # Encoding used for Unicode data
 UNICODE_ENCODING = "utf8"
+
+# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
+URI_HTTP_HEADER = "URI"
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -40,6 +40,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import MIN_TIME_RESPONSES
+from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
@ -257,6 +258,7 @@ class Connect:
            try:
                page = e.read()
                responseHeaders = e.info()
+                responseHeaders[URI_HTTP_HEADER] = e.geturl()
                page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
            except socket.timeout:
                warnMsg  = "connection timed out while trying "
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -11,11 +11,12 @@ import re
 import time

 from lib.core.agent import agent
+from lib.core.common import Backend
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
-from lib.core.common import Backend
 from lib.core.common import extractRegexResult
 from lib.core.common import getUnicode
+from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import randomStr
 from lib.core.data import conf
@ -48,9 +49,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
        payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)

        # Perform the request
-        resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
+        page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+        content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")

-        if resultPage and phrase in resultPage:
+        if content and phrase in content:
            validPayload = payload
            vector = (position, count, comment, prefix, suffix, conf.uChar, where)

@ -66,9 +68,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
                payload = agent.payload(place=place, parameter=parameter, newValue=query, where=2)

                # Perform the request
-                resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
+                page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
+                content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")

-                if resultPage and ((phrase in resultPage and phrase2 not in resultPage) or (phrase not in resultPage and phrase2 in resultPage)):
+                if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):
                    vector = (position, count, comment, prefix, suffix, conf.uChar, 2)

            break
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -11,11 +11,12 @@ import re
 import time

 from lib.core.agent import agent
-from lib.core.common import calculateDeltaSeconds
 from lib.core.common import Backend
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getUnicode
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
+from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.data import conf
 from lib.core.data import kb
@ -247,17 +248,19 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
        payload = agent.payload(newValue=query)

        # Perform the request
-        resultPage, _ = Request.queryPage(payload, content=True)
+        page, headers = Request.queryPage(payload, content=True, raise404=False)
+        content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
+
        reqCount += 1

-        if kb.misc.start not in resultPage or kb.misc.stop not in resultPage:
+        if kb.misc.start not in content or kb.misc.stop not in content:
            return

        # Parse the returned page to get the exact inband
        # sql injection output
-        startPosition = resultPage.index(kb.misc.start)
-        endPosition = resultPage.rindex(kb.misc.stop) + len(kb.misc.stop)
-        value = getUnicode(resultPage[startPosition:endPosition])
+        startPosition = content.index(kb.misc.start)
+        endPosition = content.rindex(kb.misc.stop) + len(kb.misc.stop)
+        value = getUnicode(content[startPosition:endPosition])

        duration = calculateDeltaSeconds(start)