adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)

stamparm · stamparm · commit d28ca5809b33 · 2011-03-29T14:16:28.000Z
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -221,6 +221,9 @@
 # Regular expression used for parsing charset info from meta html headers
 META_CHARSET_REGEX  = r'<meta http-equiv="?content-type"?[^>]+charset=(?P<result>[^">]+)'
 
+# Regular expression used for parsing refresh info from meta html headers
+META_REFRESH_REGEX  = r'<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=(?P<result>[^">]+)'
+
 # Regular expression used for parsing empty fields in tested form data
 EMPTY_FORM_FIELDS_REGEX = r'(?P<result>[^=]+=(&|\Z))'
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -21,6 +21,7 @@
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
 from lib.core.common import cpuThrottle
+from lib.core.common import extractRegexResult
 from lib.core.common import getCurrentThreadData
 from lib.core.common import getFilteredPageContent
 from lib.core.common import unicodeToSafeHTMLValue
@@ -43,6 +44,7 @@
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import HTTP_SILENT_TIMEOUT
+from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
@@ -96,6 +98,7 @@ def getPage(**kwargs):
         auxHeaders      = kwargs.get('auxHeaders',    None)
         response        = kwargs.get('response',      False)
         ignoreTimeout   = kwargs.get('ignoreTimeout', False)
+        refreshing      = kwargs.get('refreshing',    False)
 
         page            = ""
         cookieStr       = ""
@@ -131,6 +134,13 @@ def getPage(**kwargs):
 
                 return page
 
+            elif refreshing:
+                # Reference(s): 
+                # http://vancouver-webpages.com/META/metatags.detail.html
+                # http://webdesign.about.com/od/metataglibraries/a/aa080300a.htm
+                get = None
+                post = None
+
             else:
                 if conf.parameters.has_key(PLACE.GET) and not get:
                     get = conf.parameters[PLACE.GET]
@@ -253,6 +263,24 @@ def getPage(**kwargs):
             page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
             status = getUnicode(conn.msg)
 
+            if extractRegexResult(META_REFRESH_REGEX, page, re.DOTALL | re.IGNORECASE) and not refreshing:
+                url = extractRegexResult(META_REFRESH_REGEX, page, re.DOTALL | re.IGNORECASE)
+
+                if url.lower().startswith('http://'):
+                    kwargs['url'] = url
+                else:
+                    kwargs['url'] = conf.url[:conf.url.rfind('/')+1] + url
+
+                kwargs['refreshing'] = True
+
+                debugMsg = "got HTML meta refresh header"
+                logger.debug(debugMsg)
+
+                try:
+                    return Connect.__getPageProxy(**kwargs)
+                except sqlmapSyntaxException:
+                    pass
+
             # Explicit closing of connection object
             if not conf.keepAlive:
                 try:
