diff --git a/lib/core/settings.py b/lib/core/settings.py index b60fa79a866..a0b72050dcc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.9.3" +VERSION = "1.7.10.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 4b1a8d6d55a..23ac53c4e25 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -641,7 +641,7 @@ class _(dict): responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() if hasattr(conn, "geturl") else url - if hasattr(conn, "redurl"): + if getattr(conn, "redurl", None) is not None: responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl responseHeaders = patchHeaders(responseHeaders) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index a305906b253..406ce6b6969 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -6,6 +6,7 @@ """ import io +import re import time import types @@ -71,6 +72,7 @@ def _redirect_request(self, req, fp, code, msg, headers, newurl): def http_error_302(self, req, fp, code, msg, headers): start = time.time() content = None + forceRedirect = False redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None try: @@ -111,12 +113,18 @@ def http_error_302(self, req, fp, code, msg, headers): redurl = _urllib.parse.urljoin(req.get_full_url(), redurl) self._infinite_loop_check(req) - self._ask_redirect_choice(code, redurl, req.get_method()) + if conf.scope: + if not re.search(conf.scope, redurl, re.I): + redurl = None + else: + forceRedirect = True + else: + self._ask_redirect_choice(code, redurl, req.get_method()) except ValueError: redurl = None result = fp - if redurl and kb.choices.redirect == REDIRECTION.YES: + if redurl and (kb.choices.redirect == REDIRECTION.YES or forceRedirect): parseResponse(content, headers) req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)