github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-19 13:01:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Colons must be escaped when they're part of optional parameters (\:).

Browse source
This commit is contained in:
strunk 2014-10-21 23:13:19 +02:00
commit 2d7e1fc1d0
1 changed files with 28 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

31
hydra-http-form.c
View file

@ -229,7 +229,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
int ttl_size = 0; int ttl_size = 0;
for (; cur_ptr; cur_ptr = cur_ptr->next) for (; cur_ptr; cur_ptr = cur_ptr->next)
ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3; ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4;
headers_str = (char *) malloc(ttl_size + 1); headers_str = (char *) malloc(ttl_size + 1);
@ -568,6 +568,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
} }
} }
if (debug)
hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
found = analyze_server_response(s); found = analyze_server_response(s);
if (auth_flag) { // we received a 401 error - user using wrong module if (auth_flag) { // we received a 401 error - user using wrong module
@ -917,7 +920,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
success_cond = 0; success_cond = 0;
} }
while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { /*
* Parse the user-supplied options.
* Beware of the backslashes (\)!
*/
while (*optional1 != 0) {
switch (optional1[0]) { switch (optional1[0]) {
case 'c': // fall through case 'c': // fall through
case 'C': case 'C':
@ -932,10 +939,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'h': case 'h':
// add a new header at the end // add a new header at the end
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) while (*ptr != 0 && *ptr != ':')
ptr++; ptr++;
if (*ptr != 0) if (*(ptr - 1) == '\\')
*ptr++ = 0; *(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0;
ptr += 2;
}
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;
@ -957,10 +968,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
case 'H': case 'H':
// add a new header, or replace an existing one's value // add a new header, or replace an existing one's value
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) while (*ptr != 0 && *ptr != ':')
ptr++; ptr++;
if (*ptr != 0) if (*(ptr - 1) == '\\')
*ptr++ = 0; *(ptr - 1) = 0;
if (*ptr != 0){
*ptr = 0;
ptr += 2;
}
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;