sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for redirect/HOST header bug

Browse Source
This commit is contained in:
Miroslav Stampar 2011-11-11 11:28:27 +00:00
parent 1061c06617
commit ccbd93cc2e
4 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -648,6 +648,9 @@ Phil P <@superevr>
ragos <ragos@joker.ms> ragos <ragos@joker.ms>
for reporting a minor bug for reporting a minor bug
rmillet <rmillet42@gmail.com>
for reporting a bug
shiftzwei <shiftzwei@gmail.com> shiftzwei <shiftzwei@gmail.com>
for reporting a couple of bugs for reporting a couple of bugs

8
lib/core/common.py
View File

@ -3127,4 +3127,12 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
for target in retVal: for target in retVal:
kb.targetUrls.add(target) kb.targetUrls.add(target)
return retVal
def getHostHeader(url):
retVal = urlparse.urlparse(url).netloc
if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])):
retVal = retVal.split(':')[0]
return retVal return retVal

6
lib/request/connect.py
View File

@ -25,6 +25,7 @@ from lib.core.common import cpuThrottle
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getCurrentThreadData from lib.core.common import getCurrentThreadData
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
from lib.core.common import getHostHeader
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic from lib.core.common import logHTTPTraffic
from lib.core.common import parseTargetUrl from lib.core.common import parseTargetUrl
@ -234,10 +235,7 @@ class Connect:
headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
headers[HTTPHEADER.HOST] = urlparse.urlparse(url).netloc headers[HTTPHEADER.HOST] = getHostHeader(url)
if any(map(lambda x: headers[HTTPHEADER.HOST].endswith(':%d' % x), [80, 443])):
headers[HTTPHEADER.HOST] = headers[HTTPHEADER.HOST].split(':')[0]
if auxHeaders: if auxHeaders:
for key, item in auxHeaders.items(): for key, item in auxHeaders.items():

23
lib/request/redirecthandler.py
View File

@ -12,6 +12,7 @@ import urlparse
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic from lib.core.common import logHTTPTraffic
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
@ -28,6 +29,16 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
# assuming we're in a loop # assuming we're in a loop
max_redirections = 10 max_redirections = 10
def _get_header_redirect(self, headers):
retVal = None
if "location" in headers:
retVal = headers.getheaders("location")[0].split("?")[0]
elif "uri" in headers:
retVal = headers.getheaders("uri")[0].split("?")[0]
return retVal
def common_http_redirect(self, result, headers, code, content, msg): def common_http_redirect(self, result, headers, code, content, msg):
content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE)) content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))
@ -49,10 +60,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
logger.log(7, responseMsg) logger.log(7, responseMsg)
if result: if result:
if "location" in headers: if self._get_header_redirect(headers):
result.redurl = headers.getheaders("location")[0].split("?")[0] result.redurl = self._get_header_redirect(headers)
elif "uri" in headers:
result.redurl = headers.getheaders("uri")[0].split("?")[0]
if hasattr(result, 'redurl'): if hasattr(result, 'redurl'):
if not urlparse.urlsplit(result.redurl).netloc: if not urlparse.urlsplit(result.redurl).netloc:
@ -76,6 +85,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg) logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers) result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg) return self.common_http_redirect(result, headers, code, content, msg)
@ -90,6 +102,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg) logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers) result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg) return self.common_http_redirect(result, headers, code, content, msg)