Minor patch for custom injection into HTTP Authorization header

stamparm · stamparm · commit 95b52a02ecf7 · 2015-04-22T10:28:16.000+02:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -28,6 +28,7 @@
 from lib.core.dicts import DUMP_DATA_PREPROCESS
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
@@ -114,6 +115,11 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
             match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
             if match:
                 origValue = match.group("value")
+            elif ',' in paramString:
+                header = paramString.split(',')[0]
+
+                if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
+                    origValue = origValue.split(' ')[-1]
 
         if conf.prefix:
             value = origValue
