From d1426a023fb23d8247d5c489d7fa441145925abc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Dec 2018 10:09:40 +0100 Subject: [PATCH] Fixes #3408 --- lib/core/settings.py | 2 +- lib/request/connect.py | 5 +++-- txt/checksum.md5 | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0754e42e6..54cb90a4d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.14" +VERSION = "1.2.12.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 37ec0fc1e..8dfe94383 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -994,9 +994,10 @@ class Connect(object): token.value = "".join(chr(int(_)) for _ in match.group(1).replace(' ', "").split(',')) if not token: - if conf.csrfUrl != conf.url and code == httplib.OK: + if conf.csrfUrl and conf.csrfToken and conf.csrfUrl != conf.url and code == httplib.OK: if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""): - token = page + token.name = conf.csrfToken + token.value = page if not token and conf.cj and any(re.search(conf.csrfToken, _.name, re.I) for _ in conf.cj): for _ in conf.cj: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index aa6ea1a8b..17ac233f3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0c0d9162f3ec64208c203e7b7e7aaf01 lib/core/settings.py +622797ad77a9cff4effe49b046170d50 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -9eb0cc48e7e4779e44f1641aa7d39a4d lib/request/connect.py +40c4cc791ec657b612ccecf5b3241651 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py @@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -e7c893dd4f3f1d6b5b6f5ffd717d38cc xml/errors.xml +78de3436ae5ad4b3882d59079f2012e4 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml