Minor patch for custom injection into HTTP Authorization header

2024-11-22 09:36:35 +03:00 · 2015-04-22 10:28:16 +02:00 · 2015-04-22 10:28:16 +02:00 · 95b52a02ec
commit 95b52a02ec
parent c5138d4696
1 changed files with 6 additions and 0 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -28,6 +28,7 @@ from lib.core.data import queries
 from lib.core.dicts import DUMP_DATA_PREPROCESS
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
@ -114,6 +115,11 @@ class Agent(object):
            match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
            if match:
                origValue = match.group("value")
+            elif ',' in paramString:
+                header = paramString.split(',')[0]
+
+                if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
+                    origValue = origValue.split(' ')[-1]

        if conf.prefix:
            value = origValue