Update for an Issue #431

lib/core/enums.py

@@ -76,6 +76,12 @@ class HTTPMETHOD:
     GET = "GET"
     POST = "POST"
     HEAD = "HEAD"
+    PUT = "PUT"
+    DELETE = "DETELE"
+    TRACE = "TRACE"
+    OPTIONS = "OPTIONS"
+    CONNECT = "CONNECT"
+    PATCH = "PATCH"
 
 class NULLCONNECTION:
     HEAD = "HEAD"

lib/core/option.py

@@ -241,10 +241,10 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
             else:
                 scheme, port = None, None
 
-            if not re.search(r"^[\n]*(GET|POST).*?\sHTTP\/", request, re.I | re.M):
+            if not re.search(r"^[\n]*(%s).*?\sHTTP\/" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), request, re.I | re.M):
                 continue
 
-            if re.search(r"^[\n]*(GET|POST).*?\.(%s)\sHTTP\/" % "|".join(CRAWL_EXCLUDE_EXTENSIONS), request, re.I | re.M):
+            if re.search(r"^[\n]*(%s|%s).*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, HTTPMETHOD.POST, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M):
                 continue
 
             getPostReq = False
@@ -260,19 +260,16 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
             for line in lines:
                 newline = "\r\n" if line.endswith('\r') else '\n'
                 line = line.strip('\r')
+                match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None
+
                 if len(line) == 0:
-                    if method == HTTPMETHOD.POST and data is None:
+                    if method in (HTTPMETHOD.POST, HTTPMETHOD.PUT) and data is None:
                         data = ""
                         params = True
 
-                elif (line.startswith("GET ") or line.startswith("POST ")) and " HTTP/" in line:
+                elif match:
-                    if line.startswith("GET "):
+                    method = match.group(1)
-                        index = 4
+                    url = match.group(2)
-                    else:
-                        index = 5
-
-                    url = line[index:line.index(" HTTP/")]
-                    method = line[:index - 1]
 
                     if "?" in line and "=" in line:
                         params = True

lib/core/target.py

@@ -86,7 +86,7 @@ def _setRequestParams():
         raise SqlmapSyntaxException(errMsg)
 
     if conf.data is not None:
-        conf.method = HTTPMETHOD.POST
+        conf.method = HTTPMETHOD.POST if not conf.method or conf.method == HTTPMETHOD.GET else conf.method
 
         def process(match, repl):
             retVal = match.group(0)
@@ -103,7 +103,7 @@ def _setRequestParams():
             return retVal
 
         if re.search(JSON_RECOGNITION_REGEX, conf.data):
-            message = "JSON like data found in POST data. "
+            message = "JSON like data found in %s data. " % conf.method
             message += "Do you want to process it? [Y/n/q] "
             test = readInput(message, default="Y")
             if test and test[0] in ("q", "Q"):
@@ -115,7 +115,7 @@ def _setRequestParams():
                 kb.postHint = POST_HINT.JSON
 
         elif re.search(SOAP_RECOGNITION_REGEX, conf.data):
-            message = "SOAP/XML like data found in POST data. "
+            message = "SOAP/XML like data found in %s data. " % conf.method
             message += "Do you want to process it? [Y/n/q] "
             test = readInput(message, default="Y")
             if test and test[0] in ("q", "Q"):
@@ -126,7 +126,7 @@ def _setRequestParams():
                 kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
 
         elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
-            message = "Multipart like data found in POST data. "
+            message = "Multipart like data found in %s data. " % conf.method
             message += "Do you want to process it? [Y/n/q] "
             test = readInput(message, default="Y")
             if test and test[0] in ("q", "Q"):