Commit

Minor improvement regarding successfully completing the scanning process (i.e. in case that parameters with anti-CSRF tokens are omitted)
stasinopoulos committed Dec 1, 2023
1 parent fb1c798 commit f14a1fa
Showing 4 changed files with 7 additions and 2 deletions.
1 change: 1 addition & 0 deletions doc/CHANGELOG.md
@@ -1,4 +1,5 @@
## Version 3.9 (TBA)
* Revised: Minor improvement regarding successfully completing the scanning process (i.e. in case that parameters with anti-CSRF tokens are omitted). (via @xerxoria)
* Revised: Minor improvement regarding Windows-based payloads for semiblind (i.e. "file-based") technique (i.e. command execution output).
* Revised: Minor improvement in semiblind (i.e. "file-based") technique, regarding defining the URL where the execution output of an injected payload is shown.
* Added: New switch `--ignore-proxy` to ignore the system default HTTP proxy.
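Review bot: The new entry at the top of the Version 3.9 list is labelled "Revised: Minor improvement", while the THANKS.md line in the same commit credits xerxoria for reporting a bug and suggesting a fix. If the scan failed to complete when anti-CSRF parameters were skipped, say that in the entry, and state who skips them: "omitted" can be read as the user leaving the parameter out of the request rather than the tool ignoring it.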
3 changes: 2 additions & 1 deletion doc/THANKS.md
Expand Up @@ -7,6 +7,7 @@
* Thanks [m3g9tr0n](https://twitter.com/m3g9tr0n) for a donation.

## List of individual contributors:
* Thanks [xerxoria](https://github.com/xerxoria) for reporting a bug and for suggesting a relevant fix.
* Thanks [Kazgangap](https://github.com/Kazgangap) for contributing a Turkish translation of README.md.
* Thanks [0xFred](https://github.com/0xFred) for contributing code.
* Thanks [verfosec](https://github.com/verfosec) for contributing a Farsi(Persian) translation of README.md.
Expand Down Expand Up @@ -81,7 +82,7 @@
* Thanks [Slavery](https://github.com/Slavery) for reporting a bug.
* Thanks [sno0ose](https://github.com/sno0ose) for reporting a bug.
* Thanks [somarrr](https://github.com/somarrr) for reporting a bug.
* Thanks [Suselz](https://github.com/Suselz) for reporting a few bugs and for suggesting suggesting enhancements.
* Thanks [Suselz](https://github.com/Suselz) for reporting a few bugs and for suggesting enhancements.
* Thanks [td4b](https://github.com/td4b) for contributing code.
* Thanks [techn0tr0ll](https://github.com/techn0tr0ll) for reporting a bug.
* Thanks [Tensha](https://github.com/Tensha) for reporting a bug.
3 changes: 3 additions & 0 deletions src/core/requests/parameters.py
Expand Up @@ -136,6 +136,7 @@ def multi_params_get_value(parameter):
value = checks.value_boundaries(all_params[param], value, http_request_method)
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(all_params[param]):
all_params[param - 1] = ''.join(all_params[param - 1]).replace(settings.INJECT_TAG, "")
continue
# Replace the value of parameter with INJECT_HERE tag
if len(value) == 0:
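Review bot: The added `all_params[param - 1] = ...` line inside the anti-CSRF branch has no guard for `param == 0`. When the anti-CSRF parameter is the first entry, `param - 1` evaluates to `-1`, which Python resolves to the last element of `all_params`, so the tag is stripped from an unrelated parameter instead of the preceding one. Suggest wrapping the assignment in `if param > 0:` and adding a comment that says why the previous element is the one carrying `settings.INJECT_TAG` at this point.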
Expand Down Expand Up @@ -322,6 +323,7 @@ def multi_params_get_value(param, all_params):
value = checks.value_boundaries(all_params[param], value, http_request_method)
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(all_params[param]):
all_params[param - 1] = ''.join(all_params[param - 1]).replace(settings.INJECT_TAG, "")
continue
# Replace the value of parameter with INJECT_HERE tag
if len(value) == 0:
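Review bot: `''.join(all_params[param - 1])` in the added line needs either a comment or simplification. If the element is already a string, the join is a no-op and `all_params[param - 1].replace(settings.INJECT_TAG, "")` says the same thing; if it can be a list, that should be stated next to the line. The existing comment "Ignoring the anti-CSRF parameter(s)" also no longer covers what the branch does, since it now rewrites the previous parameter before `continue`.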
Expand Down Expand Up @@ -523,6 +525,7 @@ def multi_params_get_value(parameter):
value = multi_params_get_value(all_params[param])
# Ignoring the anti-CSRF parameter(s).
if checks.ignore_anticsrf_parameter(all_params[param]):
all_params[param - 1] = ''.join(all_params[param - 1]).replace(settings.INJECT_TAG, "")
continue
# Ignoring the Google analytics cookie parameter.
if checks.ignore_google_analytics_cookie(all_params[param]):
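Review bot: The tag-stripping line added before `continue` now appears verbatim in three branches of parameters.py; move it into one helper so that any later correction lands in all three places at once. The `ignore_google_analytics_cookie` branch directly below skips a parameter in the same way, so it is worth checking whether it needs the same cleanup. No test accompanies the change; a request whose parameter list contains an anti-CSRF token in first, middle and last position would cover the new line.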
2 changes: 1 addition & 1 deletion src/utils/settings.py
Expand Up @@ -241,7 +241,7 @@ def sys_argv_errors():
DESCRIPTION = "The command injection exploiter"
AUTHOR = "Anastasios Stasinopoulos"
VERSION_NUM = "3.9"
REVISION = "26"
REVISION = "27"
STABLE_RELEASE = False
VERSION = "v"
if STABLE_RELEASE: