sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for redirect/HOST header bug

Browse Source
This commit is contained in:
Miroslav Stampar 2011-11-11 11:28:27 +00:00
parent 1061c06617
commit ccbd93cc2e
4 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -648,6 +648,9 @@ Phil P <@superevr>
ragos <ragos@joker.ms>
for reporting a minor bug
rmillet <rmillet42@gmail.com>
for reporting a bug
shiftzwei <shiftzwei@gmail.com>
for reporting a couple of bugs

8
lib/core/common.py
View File

@ -3127,4 +3127,12 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
for target in retVal:
kb.targetUrls.add(target)
return retVal
def getHostHeader(url):
retVal = urlparse.urlparse(url).netloc
if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])):
retVal = retVal.split(':')[0]
return retVal

6
lib/request/connect.py
View File

@ -25,6 +25,7 @@ from lib.core.common import cpuThrottle
from lib.core.common import extractRegexResult
from lib.core.common import getCurrentThreadData
from lib.core.common import getFilteredPageContent
from lib.core.common import getHostHeader
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.common import parseTargetUrl
@ -234,10 +235,7 @@ class Connect:
headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
headers[HTTPHEADER.HOST] = urlparse.urlparse(url).netloc
if any(map(lambda x: headers[HTTPHEADER.HOST].endswith(':%d' % x), [80, 443])):
headers[HTTPHEADER.HOST] = headers[HTTPHEADER.HOST].split(':')[0]
headers[HTTPHEADER.HOST] = getHostHeader(url)
if auxHeaders:
for key, item in auxHeaders.items():

23
lib/request/redirecthandler.py
View File

@ -12,6 +12,7 @@ import urlparse
from lib.core.data import conf
from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.enums import HTTPHEADER
@ -28,6 +29,16 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
# assuming we're in a loop
max_redirections = 10
def _get_header_redirect(self, headers):
retVal = None
if "location" in headers:
retVal = headers.getheaders("location")[0].split("?")[0]
elif "uri" in headers:
retVal = headers.getheaders("uri")[0].split("?")[0]
return retVal
def common_http_redirect(self, result, headers, code, content, msg):
content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))
@ -49,10 +60,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
logger.log(7, responseMsg)
if result:
if "location" in headers:
result.redurl = headers.getheaders("location")[0].split("?")[0]
elif "uri" in headers:
result.redurl = headers.getheaders("uri")[0].split("?")[0]
if self._get_header_redirect(headers):
result.redurl = self._get_header_redirect(headers)
if hasattr(result, 'redurl'):
if not urlparse.urlsplit(result.redurl).netloc:
@ -76,6 +85,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg)
@ -90,6 +102,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg)