Patch for an Issue #452

lib/core/option.py

@@ -258,13 +258,17 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
             newline = None
             lines = request.split('\n')
 
-            for line in lines:
+            for index in xrange(len(lines)):
+                line = lines[index]
+
+                if not line.strip() and index == len(lines) - 1:
+                    break
+
                 newline = "\r\n" if line.endswith('\r') else '\n'
                 line = line.strip('\r')
                 match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None
 
-                if len(line) == 0:
+                if len(line) == 0 and method in (HTTPMETHOD.POST, HTTPMETHOD.PUT) and data is None:
-                    if method in (HTTPMETHOD.POST, HTTPMETHOD.PUT) and data is None:
                     data = ""
                     params = True
 

lib/core/target.py

@@ -103,6 +103,16 @@ def _setRequestParams():
 
             return retVal
 
+        if kb.processUserMarks is None:
+            message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
+            message += "'--data'. Do you want to process it? [Y/n/q] "
+            test = readInput(message, default="Y")
+            if test and test[0] in ("q", "Q"):
+                raise SqlmapUserQuitException
+            else:
+                kb.processUserMarks = not test or test[0] not in ("n", "N")
+
+        if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
             if re.search(JSON_RECOGNITION_REGEX, conf.data):
                 message = "JSON like data found in %s data. " % conf.method
                 message += "Do you want to process it? [Y/n/q] "