From ae57a8d9fd8f16430999ed6466e592b8d4571ece Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Fri, 17 Feb 2012 03:34:39 -0600
Subject: [PATCH] Make sure the HTTP method is always uppercase so we don't get a 501
---
 modules/auxiliary/scanner/http/blind_sql_query.rb | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/modules/auxiliary/scanner/http/blind_sql_query.rb b/modules/auxiliary/scanner/http/blind_sql_query.rb
index 84e87c9e64..fe859271a7 100644
--- a/modules/auxiliary/scanner/http/blind_sql_query.rb
+++ b/modules/auxiliary/scanner/http/blind_sql_query.rb
@@ -48,6 +48,10 @@ class Metasploit3 < Msf::Auxiliary
 def run_host(ip)
+ # Force http verb to be upper-case, because otherwise some web servers such as
+ # Apache might throw you a 501
+ http_method = datastore['METHOD'].upcase
+
 gvars = nil
 pvars = nil
 cvars = nil
@@ -101,7 +105,7 @@ class Metasploit3 < Msf::Auxiliary
 normalres = send_request_cgi({
 'uri' => datastore['PATH'],
 'vars_get' => gvars,
- 'method' => datastore['METHOD'],
+ 'method' => http_method,
 'ctype' => 'application/x-www-form-urlencoded',
 'cookie' => datastore['COOKIE'],
 'data' => datastore['DATA']
@@ -145,7 +149,7 @@ class Metasploit3 < Msf::Auxiliary
 trueres = send_request_cgi({
 'uri' => datastore['PATH'],
 'vars_get' => gvars,
- 'method' => datastore['METHOD'],
+ 'method' => http_method,
 'ctype' => 'application/x-www-form-urlencoded',
 'cookie' => datastore['COOKIE'],
 'data' => datastore['DATA']
@@ -175,7 +179,7 @@ class Metasploit3 < Msf::Auxiliary
 falseres = send_request_cgi({
 'uri' => datastore['PATH'],
 'vars_get' => gvars,
- 'method' => datastore['METHOD'],
+ 'method' => http_method,
 'ctype' => 'application/x-www-form-urlencoded',
 'cookie' => datastore['COOKIE'],
 'data' => datastore['DATA']
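Review bot: In the first hunk, `datastore['METHOD'].upcase` at the top of run_host raises NoMethodError when METHOD is nil, and it passes surrounding whitespace or any other stray characters straight into the request line. The option registration is outside this diff, so whether METHOD is required and has a default cannot be confirmed from here. I would normalise defensively with `http_method = datastore['METHOD'].to_s.strip.upcase` and bail out with a clear error if the result is empty, which also keeps the five `'method' => http_method` call sites in the later hunks from sending a malformed verb. run_host's body continues outside the hunk.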
@@ -242,7 +246,7 @@ class Metasploit3 < Msf::Auxiliary
 trueres = send_request_cgi({
 'uri' => datastore['PATH'],
 'vars_get' => gvars,
- 'method' => datastore['METHOD'],
+ 'method' => http_method,
 'ctype' => 'application/x-www-form-urlencoded',
 'cookie' => datastore['COOKIE'],
 'data' => pvarstr
@@ -280,7 +284,7 @@ class Metasploit3 < Msf::Auxiliary
 falseres = send_request_cgi({
 'uri' => datastore['PATH'],
 'vars_get' => gvars,
- 'method' => datastore['METHOD'],
+ 'method' => http_method,
 'ctype' => 'application/x-www-form-urlencoded',
 'cookie' => datastore['COOKIE'],
 'data' => pvarstr