From aaebb4336e6d240ad806d1062fc17dfa5fa07521 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 18 Oct 2010 08:54:08 +0000 Subject: [PATCH] fix for Bug #202 --- lib/core/option.py | 1 + lib/core/target.py | 1 + lib/request/connect.py | 10 ++++++++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 88237d16e..8d15a6484 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1031,6 +1031,7 @@ def __setKnowledgeBaseAttributes(): kb.absFilePaths = set() kb.assumeEmpty = False + kb.authHeader = None kb.bannerFp = advancedDict() kb.cache = advancedDict() diff --git a/lib/core/target.py b/lib/core/target.py index 8fdff3cf2..59f6dd0c5 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -286,6 +286,7 @@ def initTargetEnv(): conf.parameters = {} conf.sessionFile = None + kb.authHeader = None kb.dbms = None kb.dbmsDetected = False kb.dbmsVersion = [ "Unknown" ] diff --git a/lib/request/connect.py b/lib/request/connect.py index 101c6e574..3a6717556 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -121,6 +121,9 @@ class Connect: headers["Referer"] = "%s://%s" % (conf.scheme, conf.hostname) + if kb.authHeader: + headers["Authorization"] = kb.authHeader + if auxHeaders: for key, item in auxHeaders.items(): headers[key] = item @@ -140,10 +143,10 @@ class Connect: for _, cookie in enumerate(conf.cj): if not cookieStr: cookieStr = "Cookie: " - + cookie = getUnicode(cookie) index = cookie.index(" for ") - + cookieStr += "%s; " % cookie[8:index] if not req.has_header("Cookie") and cookieStr: @@ -163,6 +166,9 @@ class Connect: conn = urllib2.urlopen(req) + if req.has_header("Authorization"): + kb.authHeader = req.headers["Authorization"] + if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled: msg = "sqlmap got a %d redirect to " % conn.redcode msg += "%s - What target address do you " % conn.redurl
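Review bot: In the `@@ -121,6 +121,9 @@` hunk of lib/request/connect.py, the cached `kb.authHeader` is attached to every request built by this method, with no check that the request goes to the host that first accepted the credential. If the method is ever called with a URL on another host (the redirect prompt further down the file suggests the target address can change), the Authorization value would be sent there too. Consider recording the host alongside the header when it is cached and re-attaching it only when the request host matches. A short comment would also help, for example `# reuse the credential negotiated earlier; auxHeaders below may still override it`. The enclosing method starts and ends outside the hunk, so the URL variable to compare against is not visible here.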
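Review bot: In the `@@ -163,6 +166,9 @@` hunk of lib/request/connect.py, `req.headers["Authorization"]` can raise KeyError even when the guard passes. `has_header()` also checks the request's unredirected headers, which is where urllib2's auth handlers store the value on some Python versions, so `kb.authHeader = req.get_header("Authorization")` is the safe read. The cache also ignores the auth scheme. A Digest value is computed for one request URI and nonce count, so replaying it verbatim on later requests is unlikely to be accepted; caching only values that start with `Basic ` would avoid that. The enclosing method continues outside the hunk.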