Minor preparation for an Issue #48

2025-02-09 08:00:36 +03:00 · 2012-07-26 12:26:57 +02:00 · 2012-07-26 12:26:57 +02:00 · b3552494c4
commit b3552494c4
parent 3e9f1fe410
6 changed files with 16 additions and 13 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -460,7 +460,7 @@ def checkSqlInjection(place, parameter, value):
                        # Feed with the boundaries details only the first time a
                        # test has been successful
                        if injection.place is None or injection.parameter is None:
-                            if place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
+                            if place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
                                injection.parameter = place
                            else:
                                injection.parameter = parameter
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -378,7 +378,7 @@ def start():
                for place in parameters:
                    # Test User-Agent and Referer headers only if
                    # --level >= 3
-                    skip = (place == PLACE.UA and conf.level < 3)
+                    skip = (place == PLACE.USER_AGENT and conf.level < 3)
                    skip |= (place == PLACE.REFERER and conf.level < 3)
                    # Test Host header only if
@ -388,11 +388,11 @@ def start():
                    # Test Cookie header only if --level >= 2
                    skip |= (place == PLACE.COOKIE and conf.level < 2)
-                    skip |= (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
+                    skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
                    skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))
                    skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
-                    skip &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
+                    skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
                    skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
                    skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -118,7 +118,7 @@ class Agent:
            retVal = ET.tostring(root)
        elif place in (PLACE.URI, PLACE.CUSTOM_POST):
            retVal = paramString.replace("%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR), self.addPayloadDelimiters(newValue))
-        elif place in (PLACE.UA, PLACE.REFERER, PLACE.HOST):
+        elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
            retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
        else:
            retVal = paramString.replace("%s=%s" % (parameter, origValue),
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -61,7 +61,7 @@ class PLACE:
    SOAP = "SOAP"
    URI = "URI"
    COOKIE = "Cookie"
-    UA = "User-Agent"
+    USER_AGENT = "User-Agent"
    REFERER = "Referer"
    HOST = "Host"
    CUSTOM_POST = "(custom) POST"
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -26,6 +26,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
 from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapFilePathException
@ -158,16 +159,18 @@ def __setRequestParams():
            # Url encoding of the header values should be avoided
            # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
-            if httpHeader == PLACE.UA:
+            httpHeader = "-".join(_.capitalize() for _ in (httpHeader or "").split("-"))
-                conf.parameters[PLACE.UA] = urldecode(headerValue)
+
            if httpHeader == HTTPHEADER.USER_AGENT:
                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
                condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
                if condition:
-                    conf.paramDict[PLACE.UA] = {PLACE.UA: headerValue}
+                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
                    testableParameters = True
-            elif httpHeader == PLACE.REFERER:
+            elif httpHeader == HTTPHEADER.REFERER:
                conf.parameters[PLACE.REFERER] = urldecode(headerValue)
                condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
@ -176,7 +179,7 @@ def __setRequestParams():
                    conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
                    testableParameters = True
-            elif httpHeader == PLACE.HOST:
+            elif httpHeader == HTTPHEADER.HOST:
                conf.parameters[PLACE.HOST] = urldecode(headerValue)
                condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -595,8 +595,8 @@ class Connect:
        if PLACE.COOKIE in conf.parameters:
            cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
-        if PLACE.UA in conf.parameters:
+        if PLACE.USER_AGENT in conf.parameters:
-            ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
+            ua = conf.parameters[PLACE.USER_AGENT] if place != PLACE.USER_AGENT or not value else value
        if PLACE.REFERER in conf.parameters:
            referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value