few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")

2025-12-09 06:01:29 +00:00 · 2011-07-06 05:44:47 +00:00
parent b8ffcf9495
commit 93b296e02c
12 changed files with 146 additions and 61 deletions
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -27,6 +27,7 @@ from lib.core.common import singleTimeLogMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.exception import sqlmapDataException
 from lib.core.settings import ML
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import UNICODE_ENCODING
@@ -172,7 +173,12 @@ def decodePage(page, contentEncoding, contentType):
        else:
            data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(page))

-        page = data.read()
+        try:
+            page = data.read()
+        except Exception, msg:
+            errMsg = "detected invalid data for declared content "
+            errMsg += "encoding '%s' ('%s')" % (contentEncoding, msg)
+            singleTimeLogMessage(errMsg, logging.ERROR)

    if not conf.charset:
        httpCharset, metaCharset = None, None
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -45,6 +45,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
 from lib.core.settings import HTTP_SILENT_TIMEOUT
 from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import IS_WIN
@@ -224,6 +225,8 @@ class Connect:
            if kb.proxyAuthHeader:
                headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader

+            headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
+
            headers[HTTPHEADER.HOST] = urlparse.urlparse(url).netloc

            if any(map(lambda x: headers[HTTPHEADER.HOST].endswith(':%d' % x), [80, 443])):
@@ -498,10 +501,11 @@ class Connect:
        page = None
        pageLength = None
        uri = None
-        raise404 = place != PLACE.URI if raise404 is None else raise404

        if not place:
-            place = kb.injection.place
+            place = kb.injection.place or PLACE.GET
+
+        raise404 = place != PLACE.URI if raise404 is None else raise404

        payload = agent.extractPayload(value)
        threadData = getCurrentThreadData()