CERBERUS/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-06-10 10:07:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Support for X-CSRF-TOKEN header (Issue #2)

Browse source
This commit is contained in:
Miroslav Stampar 2014-10-23 14:33:22 +02:00
parent 95f2e61ca1
commit abbd352392
2 changed files with 18 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/core/target.py
View file

@ -346,9 +346,9 @@ def _setRequestParams():
raise SqlmapGenericException(errMsg)
if conf.csrfToken:
if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders):
errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
errMsg += "found in provided GET and/or POST values"
errMsg += "found in provided GET, POST or header values"
raise SqlmapGenericException(errMsg)
else:
for place in (PLACE.GET, PLACE.POST):