From 30fba849e2716226917f5a971b32098b1a689595 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 9 Sep 2019 13:56:37 +0200
Subject: [PATCH] Implements #3916
---
 lib/core/option.py | 4 ++++
 lib/core/optiondict.py | 1 +
 lib/core/settings.py | 2 +-
 lib/parse/cmdline.py | 3 +++
 lib/request/connect.py | 2 +-
 sqlmap.conf | 7 +++++--
 6 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index f2ca5e871..7a3059660 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2490,6 +2490,10 @@ def _basicOptionValidation():
 errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
 raise SqlmapSyntaxException(errMsg)
+ if conf.csrfMethod and not conf.csrfToken:
+ errMsg = "option '--csrf-method' requires usage of option '--csrf-token'"
+ raise SqlmapSyntaxException(errMsg)
+
 if conf.csrfToken and conf.threads > 1:
 errMsg = "option '--csrf-url' is incompatible with option '--threads'"
 raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 63b7cd67e..26f6576d2 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -61,6 +61,7 @@ optDict = {
 "skipUrlEncode": "boolean",
 "csrfToken": "string",
 "csrfUrl": "string",
+ "csrfMethod": "string",
 "forceSSL": "boolean",
 "chunked": "boolean",
 "hpp": "boolean",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 2f7a618f4..2e3a23602 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.9.7"
+VERSION = "1.3.9.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
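Review bot: The added guard in `_basicOptionValidation` only ties `--csrf-method` to `--csrf-token`; the method value itself is never checked or normalized, and the connect.py hunk of this same commit passes it verbatim as `method=conf.csrfMethod`, so `get` or a misspelled verb reaches the HTTP layer unchanged. If the target method is upper-cased elsewhere during option setup (not visible in this hunk), `--csrf-method` should get the same treatment right after the new check, e.g. `if conf.csrfMethod:` / `conf.csrfMethod = conf.csrfMethod.upper()`. A one-line comment on the new check would also help the next reader, e.g. `# --csrf-method only changes how the anti-CSRF token page is fetched, so it is meaningless without a token name`. `_basicOptionValidation` starts and ends outside the hunk.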
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 49300f1d8..b8c7395df 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -245,6 +245,9 @@ def cmdLineParser(argv=None):
 request.add_argument("--csrf-url", dest="csrfUrl",
 help="URL address to visit for extraction of anti-CSRF token")
+ request.add_argument("--csrf-method", dest="csrfMethod",
+ help="HTTP method to use during anti-CSRF token page visit")
+
 request.add_argument("--force-ssl", dest="forceSSL", action="store_true",
 help="Force usage of SSL/HTTPS")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 61f47ab79..bf455f2ed 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1039,7 +1039,7 @@ class Connect(object):
 return retVal
 token = AttribDict()
- page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+ page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
 page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
 match = re.search(r"(?i)]+\bname=[\"']?(?P%s)\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % conf.csrfToken, page or "", re.I)
diff --git a/sqlmap.conf b/sqlmap.conf
index 7a1516e7c..96f9c6799 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
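Review bot: The help text for the new `--csrf-method` argument does not say what form the value takes or what happens when it is omitted; from the connect.py hunk the fallback is the target's own method when `--csrf-url` equals the target URL and otherwise `None`, presumably the HTTP layer's default. Since the value is passed through without validation, stating the expected form in the help is the cheapest guard, e.g. `help="HTTP method to use during anti-CSRF token page visit (e.g. GET or POST)"`. If only a fixed set of verbs is supported, `choices=` would enforce it at parse time, but argparse matches `choices` case-sensitively, so the value would need upper-casing first. `cmdLineParser` starts and ends outside the hunk.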
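Review bot: In the rewritten `Connect.getPage` call, `--csrf-method` overrides the method unconditionally, but `data=conf.data` is still attached whenever `conf.csrfUrl == conf.url`, so a user-chosen method (say GET) is sent together with the target's POST body; whether getPage then forwards or drops that body is not visible here. If the option is meant to describe a standalone token-page visit, make the pairing explicit before the call: `csrfMethod = conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None)` and `csrfData = conf.data if conf.csrfUrl == conf.url and csrfMethod == conf.method else None`, then pass `data=csrfData, method=csrfMethod`. The value also arrives here exactly as typed on the command line (the option.py hunk adds no normalization), which deserves a short comment on this line so the next reader does not assume it was validated. The enclosing method of `Connect` starts and ends outside the hunk, and the regex on the last context line appears garbled by extraction, so it was not reviewed.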
@@ -180,16 +180,19 @@ safeReqFile =
 # Default: 0
 safeFreq = 0
-# Skip URL encoding of payload data
+# Skip URL encoding of payload data.
 # Valid: True or False
 skipUrlEncode = False
-# Parameter used to hold anti-CSRF token
+# Parameter used to hold anti-CSRF token.
 csrfToken =
 # URL address to visit to extract anti-CSRF token
 csrfUrl =
+# HTTP method to use during anti-CSRF token page visit.
csrfMethod =
+
 # Force usage of SSL/HTTPS
 # Valid: True or False
 forceSSL = False
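Review bot: The new `csrfMethod` entry gives no hint about accepted values or about what an empty value means, while the neighbouring boolean entries in this hunk carry a `# Valid: True or False` line. Since the value is used as an HTTP verb and, per the connect.py hunk, an empty value keeps the behaviour the tool already had, a second comment line such as `# Valid: HTTP method name, e.g. GET or POST (empty = previous behaviour)` would keep the file self-describing.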