Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched)

2025-12-08 21:51:29 +00:00 · 2013-02-28 13:51:08 +01:00
parent aa59266804
commit 9ef79df23d
3 changed files with 3 additions and 10 deletions
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -82,12 +82,6 @@ def forgeHeaders(items=None):
        if kb.testMode:
            resetCookieJar(conf.cj)

-    if kb.redirectSetCookie and not conf.dropSetCookie:
-        if HTTPHEADER.COOKIE in headers:
-            headers[HTTPHEADER.COOKIE] += "%s %s" % (DEFAULT_COOKIE_DELIMITER, kb.redirectSetCookie)
-        else:
-            headers[HTTPHEADER.COOKIE] = kb.redirectSetCookie
-
    return headers

 def parseResponse(page, headers):
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -19,6 +19,7 @@ from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import REDIRECTION
 from lib.core.exception import SqlmapConnectionException
+from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS
@@ -110,13 +111,12 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):

        if redurl and kb.redirectChoice == REDIRECTION.YES:
            req.headers[HTTPHEADER.HOST] = getHostHeader(redurl)
+            if headers and HTTPHEADER.SET_COOKIE in headers:
+                req.headers[HTTPHEADER.COOKIE] = headers[HTTPHEADER.SET_COOKIE].split(DEFAULT_COOKIE_DELIMITER)[0]
            result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
        else:
            result = fp

-        if HTTPHEADER.SET_COOKIE in headers:
-            kb.redirectSetCookie = headers.get(HTTPHEADER.SET_COOKIE).split("; path")[0]
-
        result.redcode = code
        result.redurl = redurl