PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

fix for redirect/HOST header bug

Browse Source
This commit is contained in:
Miroslav Stampar
2011-11-11 11:28:27 +00:00
parent 1061c06617
commit ccbd93cc2e
4 changed files with 32 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/request/redirecthandler.py
View File

@@ -12,6 +12,7 @@ import urlparse
from lib.core.data import conf
from lib.core.data import logger
from lib.core.common import getHostHeader
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.enums import HTTPHEADER
@@ -28,6 +29,16 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
# assuming we're in a loop
max_redirections = 10
def _get_header_redirect(self, headers):
retVal = None
if "location" in headers:
retVal = headers.getheaders("location")[0].split("?")[0]
elif "uri" in headers:
retVal = headers.getheaders("uri")[0].split("?")[0]
return retVal
def common_http_redirect(self, result, headers, code, content, msg):
content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))
@@ -49,10 +60,8 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
logger.log(7, responseMsg)
if result:
if "location" in headers:
result.redurl = headers.getheaders("location")[0].split("?")[0]
elif "uri" in headers:
result.redurl = headers.getheaders("uri")[0].split("?")[0]
if self._get_header_redirect(headers):
result.redurl = self._get_header_redirect(headers)
if hasattr(result, 'redurl'):
if not urlparse.urlsplit(result.redurl).netloc:
@@ -76,6 +85,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg)
@@ -90,6 +102,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
dbgMsg += "redirect response content (%s)" % msg
logger.debug(dbgMsg)
if self._get_header_redirect(headers):
req.headers[HTTPHEADER.HOST] = getHostHeader(self._get_header_redirect(headers))
result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
return self.common_http_redirect(result, headers, code, content, msg)