diff --git a/lib/core/option.py b/lib/core/option.py index 5cd6aaf1d..ec801df99 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1184,6 +1184,7 @@ def __setKnowledgeBaseAttributes(): kb.unionFalseCond = False kb.userAgents = None kb.valueStack = [] + kb.redirectSetCookie = None def __saveCmdline(): """ diff --git a/lib/request/basic.py b/lib/request/basic.py index 5f7e12668..a313489be 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -40,6 +40,12 @@ def forgeHeaders(cookie, ua): else: headers[header] = value + if kb.redirectSetCookie: + if "Cookie" in headers: + headers["Cookie"] = "%s; %s" % (headers["Cookie"], kb.redirectSetCookie) + else: + headers["Cookie"] = kb.redirectSetCookie + return headers def parseResponse(page, headers): diff --git a/lib/request/connect.py b/lib/request/connect.py index 18d581090..28bb60bfd 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -187,6 +187,9 @@ class Connect: if not kb.proxyAuthHeader and req.has_header("Proxy-authorization"): kb.proxyAuthHeader = req.get_header("Proxy-authorization") + if hasattr(conn, "setcookie"): + kb.redirectSetCookie = conn.setcookie + if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled: msg = "sqlmap got a %d redirect to " % conn.redcode msg += "%s - What target address do you " % conn.redurl diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index da5b17791..9767e8cf2 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -26,6 +26,9 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): elif "uri" in headers: result.redurl = headers.getheaders("uri")[0].split("?")[0] + if "set-cookie" in headers: + result.setcookie = headers["set-cookie"].split("; path")[0] + result.redcode = code return result
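Review bot: The `kb.redirectSetCookie` value appended in `forgeHeaders` is attached to every later request without any check that the request goes to the host or path that issued the cookie, so a session cookie captured from one redirect response can be forwarded to a different origin. The concatenation also does not check whether the existing `Cookie` header already carries a cookie with the same name, which produces duplicate names whose precedence depends on the server. `forgeHeaders(cookie, ua)` receives no URL and starts above this hunk, so any scoping would have to happen where the value is stored; at minimum add a comment such as `# cookie taken from a redirect response; domain/path/secure scoping is not enforced here`.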
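Review bot: In `lib/request/connect.py` the assignment `kb.redirectSetCookie = conn.setcookie` sits before the redirect prompt and does not depend on `conf.redirectHandled`, so the cookie appears to be kept and replayed even when the user chooses not to follow the redirect. Each redirect response also overwrites the previous value instead of merging, and nothing visible in this diff resets it between targets. The enclosing method starts and ends outside the hunk, so the user's answer may be handled further down; if it is, moving the assignment into the branch that accepts the redirect would keep the stored cookie consistent with the chosen target. Otherwise, document it with `# kept even if the redirect is declined`.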
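Review bot: The parsing `headers["set-cookie"].split("; path")[0]` in `SmartRedirectHandler` only strips attributes when a lower-case `; path` comes first. A response with `; Path=/`, or with `expires`, `domain` or `HttpOnly` ahead of `path`, leaves those attributes in the stored value, and they are later sent back as if they were cookies. When the response carries several `Set-Cookie` headers, indexing the message by name does not give one clean cookie either. Using the accessor already used for `uri` a few lines above avoids both problems: `result.setcookie = "; ".join(c.split(";")[0].strip() for c in headers.getheaders("set-cookie"))`. The handler method starts outside this hunk.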