Update for an Issue #431

2024-11-22 01:26:42 +03:00 · 2014-11-21 09:41:39 +01:00 · 2014-11-21 09:41:39 +01:00 · cf2d5fd453
commit cf2d5fd453
parent 34ce774acd
5 changed files with 16 additions and 8 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -269,7 +269,7 @@ def start():
    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
        try:
            conf.url = targetUrl
-            conf.method = targetMethod
+            conf.method = targetMethod.upper() if targetMethod else targetMethod
            conf.data = targetData
            conf.cookie = targetCookie
            conf.httpHeaders = list(initialHeaders)
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -23,6 +23,7 @@ optDict = {
                             },

            "Request":       {
+                               "method":            "string",
                               "data":              "string",
                               "paramDel":          "string",
                               "cookie":            "string",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -90,6 +90,9 @@ def cmdLineParser():
        request = OptionGroup(parser, "Request", "These options can be used "
                              "to specify how to connect to the target URL")

+        request.add_option("--method", dest="method",
+                           help="Force usage of given HTTP method (e.g. PUT)")
+
        request.add_option("--data", dest="data",
                           help="Data string to be sent through POST")

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -307,7 +307,7 @@ class Connect(object):
                    url = "%s?%s" % (url, get)
                    requestMsg += "?%s" % get

-                if PLACE.POST in conf.parameters and not post and method in (None, HTTPMETHOD.POST):
+                if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET:
                    post = conf.parameters[PLACE.POST]

            elif get:
@ -634,6 +634,7 @@ class Connect(object):
            auxHeaders = {}

        raise404 = place != PLACE.URI if raise404 is None else raise404
+        method = method or conf.method

        value = agent.adjustLateValues(value)
        payload = agent.extractPayload(value)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -40,31 +40,34 @@ sitemapUrl =
 # These options can be used to specify how to connect to the target URL.
 [Request]

+# Force usage of given HTTP method (e.g. PUT).
+method = 
+
 # Data string to be sent through POST.
 data = 

-# Character used for splitting parameter values
+# Character used for splitting parameter values.
 paramDel = 

 # HTTP Cookie header value.
 cookie = 

-# Character used for splitting cookie values
+# Character used for splitting cookie values.
 cookieDel = 

-# File containing cookies in Netscape/wget format
+# File containing cookies in Netscape/wget format.
 loadCookies = 

-# Ignore Set-Cookie header from response
+# Ignore Set-Cookie header from response.
 # Valid: True or False
 dropSetCookie = False

 # HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
-# at each HTTP request
+# at each HTTP request.
 # sqlmap will also test for SQL injection on the HTTP User-Agent value.
 agent =

-# Use randomly selected HTTP User-Agent header value
+# Use randomly selected HTTP User-Agent header value.
 # Valid: True or False
 randomAgent = False