sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor patch for custom injection into HTTP Authorization header

Browse Source
This commit is contained in:
Miroslav Stampar 2015-04-22 10:28:16 +02:00
parent c5138d4696
commit 95b52a02ec
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@ -28,6 +28,7 @@ from lib.core.data import queries
from lib.core.dicts import DUMP_DATA_PREPROCESS from lib.core.dicts import DUMP_DATA_PREPROCESS
from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HTTP_HEADER
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.enums import POST_HINT from lib.core.enums import POST_HINT
@ -114,6 +115,11 @@ class Agent(object):
match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue) match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
if match: if match:
origValue = match.group("value") origValue = match.group("value")
elif ',' in paramString:
header = paramString.split(',')[0]
if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
origValue = origValue.split(' ')[-1]
if conf.prefix: if conf.prefix:
value = origValue value = origValue