Minor update

src/core/injections/controller/checks.py

@@ -136,7 +136,7 @@ def process_custom_injection_data(data):
           data = data.replace(settings.CUSTOM_INJECTION_MARKER_CHAR, settings.ASTERISK_MARKER)
       _.append(data)
     data = "\\n".join((list(dict.fromkeys(_)))).rstrip("\\n")
-    data = data.replace(settings.ASTERISK_MARKER, settings.INJECT_TAG)
+    # data = data.replace(settings.ASTERISK_MARKER, settings.INJECT_TAG)
     # if settings.INJECT_TAG in data:
     #   settings.CUSTOM_INJECTION_MARKER_DATA.append(data)
     #   settings.CUSTOM_INJECTION_MARKER_DATA = (list(dict.fromkeys(settings.CUSTOM_INJECTION_MARKER_DATA)))

src/core/requests/parameters.py

@@ -154,7 +154,11 @@ def multi_params_get_value(parameter):
               if not menu.options.skip_empty:
                 all_params[param] = ''.join(all_params[param] + settings.INJECT_TAG)
             else:
-              all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
+              if settings.CUSTOM_INJECTION_MARKER:
+                if settings.ASTERISK_MARKER in value:
+                  all_params[param] = ''.join(all_params[param]).replace(value, value.replace(settings.ASTERISK_MARKER,"") + settings.INJECT_TAG)
+              else:
+                all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
             all_params[param - 1] = ''.join(all_params[param - 1]).replace(settings.INJECT_TAG, "")
             parameter = settings.PARAMETER_DELIMITER.join(all_params)
             # Reconstruct the URL
@@ -411,7 +415,11 @@ def json_format(parameter):
             else:
               all_params[param] = ''.join(all_params[param] + settings.INJECT_TAG)
         else:
-          all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
+          if settings.CUSTOM_INJECTION_MARKER:
+            if settings.ASTERISK_MARKER in value:
+              all_params[param] = ''.join(all_params[param]).replace(value, value.replace(settings.ASTERISK_MARKER,"") + settings.INJECT_TAG)
+          else:
+            all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
           if settings.IS_JSON and len(all_params[param].split("\":")) == 2:
             check_parameter = all_params[param].split("\":")[0] 
             if settings.INJECT_TAG in check_parameter:
@@ -623,7 +631,11 @@ def multi_params_get_value(parameter):
           if not menu.options.skip_empty:
             all_params[param] = ''.join(all_params[param] + settings.INJECT_TAG)
         else:
-          all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
+          if settings.CUSTOM_INJECTION_MARKER:
+            if settings.ASTERISK_MARKER in value:
+              all_params[param] = ''.join(all_params[param]).replace(value, value.replace(settings.ASTERISK_MARKER,"") + settings.INJECT_TAG)
+          else:
+            all_params[param] = ''.join(all_params[param]).replace(value, value + settings.INJECT_TAG)
         all_params[param - 1] = ''.join(all_params[param - 1]).replace(settings.INJECT_TAG, "")
         cookie = settings.COOKIE_DELIMITER.join(all_params)
         cookie = cookie.replace(settings.RANDOM_TAG, "")

src/utils/settings.py

@@ -247,7 +247,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "69"
+REVISION = "70"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: