Update for an Issue sqlmapproject#431

stamparm · stamparm · commit cf2d5fd45368 · 2014-11-21T09:41:49.000+01:00
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -269,7 +269,7 @@ def start():
     for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
         try:
             conf.url = targetUrl
-            conf.method = targetMethod
+            conf.method = targetMethod.upper() if targetMethod else targetMethod
             conf.data = targetData
             conf.cookie = targetCookie
             conf.httpHeaders = list(initialHeaders)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -23,6 +23,7 @@
                              },
 
             "Request":       {
+                               "method":            "string",
                                "data":              "string",
                                "paramDel":          "string",
                                "cookie":            "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -90,6 +90,9 @@ def cmdLineParser():
         request = OptionGroup(parser, "Request", "These options can be used "
                               "to specify how to connect to the target URL")
 
+        request.add_option("--method", dest="method",
+                           help="Force usage of given HTTP method (e.g. PUT)")
+
         request.add_option("--data", dest="data",
                            help="Data string to be sent through POST")
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -307,7 +307,7 @@ def getPage(**kwargs):
                     url = "%s?%s" % (url, get)
                     requestMsg += "?%s" % get
 
-                if PLACE.POST in conf.parameters and not post and method in (None, HTTPMETHOD.POST):
+                if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET:
                     post = conf.parameters[PLACE.POST]
 
             elif get:
@@ -634,6 +634,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
             auxHeaders = {}
 
         raise404 = place != PLACE.URI if raise404 is None else raise404
+        method = method or conf.method
 
         value = agent.adjustLateValues(value)
         payload = agent.extractPayload(value)
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -40,31 +40,34 @@ sitemapUrl =
 # These options can be used to specify how to connect to the target URL.
 [Request]
 
+# Force usage of given HTTP method (e.g. PUT).
+method = 
+
 # Data string to be sent through POST.
 data = 
 
-# Character used for splitting parameter values
+# Character used for splitting parameter values.
 paramDel = 
 
 # HTTP Cookie header value.
 cookie = 
 
-# Character used for splitting cookie values
+# Character used for splitting cookie values.
 cookieDel = 
 
-# File containing cookies in Netscape/wget format
+# File containing cookies in Netscape/wget format.
 loadCookies = 
 
-# Ignore Set-Cookie header from response
+# Ignore Set-Cookie header from response.
 # Valid: True or False
 dropSetCookie = False
 
 # HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
-# at each HTTP request
+# at each HTTP request.
 # sqlmap will also test for SQL injection on the HTTP User-Agent value.
 agent =
 
-# Use randomly selected HTTP User-Agent header value
+# Use randomly selected HTTP User-Agent header value.
 # Valid: True or False
 randomAgent = False
 
