diff --git a/lib/core/option.py b/lib/core/option.py index 1f37b48e9..288213acf 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1071,7 +1071,7 @@ def _setSafeVisit(): key, value = line.split(':', 1) value = value.strip() kb.safeReq.headers[key] = value - if key == HTTP_HEADER.HOST: + if key.upper() == HTTP_HEADER.HOST.upper(): if not value.startswith("http"): scheme = "http" if value.endswith(":443"): @@ -1303,7 +1303,7 @@ def _setHTTPUserAgent(): _ = True for header, _ in conf.httpHeaders: - if header == HTTP_HEADER.USER_AGENT: + if header.upper() == HTTP_HEADER.USER_AGENT.upper(): _ = False break diff --git a/lib/core/settings.py b/lib/core/settings.py index 7f1caee5c..af0dd39da 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.16" +VERSION = "1.2.11.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 2a6926816..a89c0c891 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -346,7 +346,7 @@ def _setRequestParams(): # Url encoding of the header values should be avoided # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value - if httpHeader.title() == HTTP_HEADER.USER_AGENT: + if httpHeader.upper() == HTTP_HEADER.USER_AGENT.upper(): conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES, True))) @@ -355,7 +355,7 @@ def _setRequestParams(): conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue} testableParameters = True - elif httpHeader.title() == HTTP_HEADER.REFERER: + elif httpHeader.upper() == HTTP_HEADER.REFERER.upper(): conf.parameters[PLACE.REFERER] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES, True))) @@ -364,7 +364,7 @@ def _setRequestParams(): conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue} testableParameters = True - elif httpHeader.title() == HTTP_HEADER.HOST: + elif httpHeader.upper() == HTTP_HEADER.HOST.upper(): conf.parameters[PLACE.HOST] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES, True))) diff --git a/lib/request/connect.py b/lib/request/connect.py index c3526fd3f..056baa716 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -866,10 +866,10 @@ class Connect(object): value = agent.replacePayload(value, payload) else: # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded - if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: + if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper()) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: skip = False - if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE: + if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper(): if kb.cookieEncodeChoice is None: msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282 kb.cookieEncodeChoice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b1cb919bb..a24e0c086 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -42,17 +42,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -d6dace6468ed5d2bbd500b0a244a9650 lib/core/option.py +c6a8223fbc1dad784d4ae6377e737a97 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -342e732d0772891804c7609578176997 lib/core/settings.py +3f8cf314028234cb8c60c66a915da2e2 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -721198b5be72c8015a02acb116532a1f lib/core/target.py +52642badbbca4c31a2fcdd754d67a983 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -d21e3452240ae3e59dfeb05fabc9ea14 lib/request/connect.py +0113525b321d0d35cf973a9cff34850a lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py