mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor patch for custom injection into HTTP Authorization header
This commit is contained in:
parent
c5138d4696
commit
95b52a02ec
|
@ -28,6 +28,7 @@ from lib.core.data import queries
|
||||||
from lib.core.dicts import DUMP_DATA_PREPROCESS
|
from lib.core.dicts import DUMP_DATA_PREPROCESS
|
||||||
from lib.core.dicts import FROM_DUMMY_TABLE
|
from lib.core.dicts import FROM_DUMMY_TABLE
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
|
from lib.core.enums import HTTP_HEADER
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.enums import PLACE
|
from lib.core.enums import PLACE
|
||||||
from lib.core.enums import POST_HINT
|
from lib.core.enums import POST_HINT
|
||||||
|
@ -114,6 +115,11 @@ class Agent(object):
|
||||||
match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
|
match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
|
||||||
if match:
|
if match:
|
||||||
origValue = match.group("value")
|
origValue = match.group("value")
|
||||||
|
elif ',' in paramString:
|
||||||
|
header = paramString.split(',')[0]
|
||||||
|
|
||||||
|
if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
|
||||||
|
origValue = origValue.split(' ')[-1]
|
||||||
|
|
||||||
if conf.prefix:
|
if conf.prefix:
|
||||||
value = origValue
|
value = origValue
|
||||||
|
|
Loading…
Reference in New Issue
Block a user