From 73b0de67b561f156c31c549586e06e48cdbe1cda Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 29 Jun 2018 22:37:57 +0200
Subject: [PATCH] Fixes #3149

---
 lib/core/settings.py | 2 +-
 lib/request/redirecthandler.py | 20 ++++++++++++++------
 txt/checksum.md5 | 4 ++--
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 784376541..8096eb6f6 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (...)
-VERSION = "1.2.6.38"
+VERSION = "1.2.6.39"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 1642991f3..6d87937f2 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -5,7 +5,6 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import re
 import time
 import types
 import urllib2
@@ -124,12 +123,21 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
 req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
 
 if headers and HTTP_HEADER.SET_COOKIE in headers:
+ cookies = dict()
 delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
- _ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0]
- if HTTP_HEADER.COOKIE not in req.headers:
- req.headers[HTTP_HEADER.COOKIE] = _
- else:
- req.headers[HTTP_HEADER.COOKIE] = re.sub(r"%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (re.escape(_.split('=')[0]), delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
+ last = None
+
+ for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + headers.getheaders(HTTP_HEADER.SET_COOKIE):
+ if '=' in part:
+ part = part.strip()
+ key, value = part.split('=', 1)
+ cookies[key] = value
+ last = key
+ elif last:
+ cookies[key] += "%s%s" % (delimiter, part)
+
+ req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies)
+
 try:
 result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
 except urllib2.HTTPError, e:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index f81308677..19a6f867d 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-cf3cd30872fdf466ebad56e425c72376 lib/core/settings.py
+76d92cc81e93bb60ee7f5948dea88678 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py
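Review bot: In the Set-Cookie merge loop of lib/request/redirecthandler.py, each value from `headers.getheaders(HTTP_HEADER.SET_COOKIE)` reaches `part.split('=', 1)` whole, so attributes such as `Path`, `Expires` or `HttpOnly` end up inside the stored cookie value and are sent back in the `Cookie` request header; the removed code kept only the first pair with `.split(delimiter)[0]`. Trimming the response values before the merge would restore that, e.g. `[_.split(';', 1)[0] for _ in headers.getheaders(HTTP_HEADER.SET_COOKIE)]`, since Set-Cookie attributes are `;`-separated regardless of `conf.cookieDel`. In the `elif last:` branch the append targets `cookies[key]` while the guard tests `last`; the two coincide only because they are assigned together, and `cookies[last] += "%s%s" % (delimiter, part)` states the intent. The enclosing method starts and ends outside the hunk.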
@@ -79,7 +79,7 @@ c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py
 aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py
 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py
 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py
-aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py
+0d0567907afa2aa1493fb90ce09edfc0 lib/request/redirecthandler.py
 7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py
 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py
 acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py