Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.

doc/THANKS

@@ -294,6 +294,9 @@ Jason Swan <jasoneswan@gmail.com>
     for reporting a bug when enumerating columns on Microsoft SQL Server
     for suggesting a couple of improvements
 
+Chilik Tamir <phenoman@gmail.com>
+    for providing a patch for initial support SOAP requests
+
 Alessandro Tanasi <alessandro@tanasi.it>
     for extensively beta-testing sqlmap
     for suggesting many features and reporting some bugs

lib/core/agent.py

@@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
 import re
 
+from xml.etree import ElementTree as ET
+
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.convert import urlencode
@@ -33,7 +35,6 @@ from lib.core.data import queries
 from lib.core.data import temp
 from lib.core.exception import sqlmapNoneDataException
 
-
 class Agent:
     """
     This class defines the SQL agent methods.
@@ -82,6 +83,16 @@ class Agent:
             paramString = conf.parameters[kb.injPlace]
             paramDict = conf.paramDict[kb.injPlace]
             value = paramDict[kb.injParameter]
+
+            if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
+                root = ET.XML(paramString)
+                iterator = root.getiterator(kb.injParameter)
+
+                for child in iterator:
+                    child.text = "%s%s" % (negValue, value + falseValue + newValue)
+
+                retValue = ET.tostring(root)
+            else:
                 retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
                                                "%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
 
@@ -90,6 +101,16 @@ class Agent:
             retValue = value.replace(value, newValue)
         else:
             paramString = conf.parameters[place]
+
+            if "POSTxml" in conf.paramDict and place == "POST":
+                root = ET.XML(paramString)
+                iterator = root.getiterator(parameter)
+
+                for child in iterator:
+                    child.text = newValue
+
+                retValue = ET.tostring(root)
+            else:
                 retValue = paramString.replace("%s=%s" % (parameter, value),
                                                "%s=%s" % (parameter, newValue))
 

lib/core/common.py

@@ -44,6 +44,7 @@ from subprocess import PIPE
 from subprocess import Popen as execute
 from tempfile import NamedTemporaryFile
 from tempfile import mkstemp
+from xml.etree import ElementTree as ET
 from xml.sax import parse
 
 from extra.cloak.cloak import decloak
@@ -96,6 +97,7 @@ def paramToDict(place, parameters=None):
     if conf.parameters.has_key(place) and not parameters:
         parameters = conf.parameters[place]
 
+    if place is not "POSTxml":
         parameters = parameters.replace(", ", ",")
 
         if place == "Cookie":
@@ -113,8 +115,18 @@ def paramToDict(place, parameters=None):
                 condition |= parameter in conf.testParameter
 
                 if condition:
-                value = elem[1]
-                testableParameters[parameter] = value
+                    testableParameters[parameter] = elem[1]
+    else:
+        root = ET.XML(parameters)
+        iterator = root.getiterator()
+
+        for child in iterator:
+            parameter = child.tag
+            condition = not conf.testParameter
+            condition |= parameter.split("}")[1] in conf.testParameter
+
+            if condition:
+                testableParameters[parameter] = child.text
 
     if conf.testParameter and not testableParameters:
         paramStr = ", ".join(test for test in conf.testParameter)

lib/core/convert.py

@@ -86,7 +86,7 @@ def urldecode(string):
     return result
 
 def urlencode(string, safe=":/?%&=", convall=False):
-    if conf.direct:
+    if conf.direct or "POSTxml" in conf.paramDict:
         return string
 
     result = None

lib/core/target.py

@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
 import codecs
 import os
+import re
 import time
 
 from lib.core.common import dataToSessionFile
@@ -66,7 +67,14 @@ def __setRequestParams():
         raise sqlmapSyntaxException, errMsg
 
     if conf.data:
+        conf.data = conf.data.replace("\n", " ")
         conf.parameters["POST"] = conf.data
+
+        # Check if POST data is in xml syntax
+        if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
+            conf.paramDict["POSTxml"] = True
+            __paramDict = paramToDict("POSTxml", conf.data)
+        else:
             __paramDict = paramToDict("POST", conf.data)
 
         if __paramDict: