Ugly code to set the cookies when got them from a 302 redirect too

bdamele · bdamele · commit 5d37df610419 · 2010-12-03T17:41:10.000Z
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1184,6 +1184,7 @@ def __setKnowledgeBaseAttributes():
     kb.unionFalseCond  = False
     kb.userAgents      = None
     kb.valueStack      = []
+    kb.redirectSetCookie = None
 
 def __saveCmdline():
     """
diff --git a/lib/request/basic.py b/lib/request/basic.py
@@ -40,6 +40,12 @@ def forgeHeaders(cookie, ua):
         else:
             headers[header] = value
 
+    if kb.redirectSetCookie:
+        if "Cookie" in headers:
+            headers["Cookie"] = "%s; %s" % (headers["Cookie"], kb.redirectSetCookie)
+        else:
+            headers["Cookie"] = kb.redirectSetCookie
+
     return headers
 
 def parseResponse(page, headers):
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -187,6 +187,9 @@ def getPage(**kwargs):
             if not kb.proxyAuthHeader and req.has_header("Proxy-authorization"):
                 kb.proxyAuthHeader = req.get_header("Proxy-authorization")
 
+            if hasattr(conn, "setcookie"):
+                kb.redirectSetCookie = conn.setcookie
+
             if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled:
                 msg  = "sqlmap got a %d redirect to " % conn.redcode
                 msg += "%s - What target address do you " % conn.redurl
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
@@ -26,6 +26,9 @@ def common_http_redirect(self, result, headers, code):
         elif "uri" in headers:
             result.redurl = headers.getheaders("uri")[0].split("?")[0]
 
+        if "set-cookie" in headers:
+            result.setcookie = headers["set-cookie"].split("; path")[0]
+
         result.redcode = code
 
         return result
