Minor update regarding testing HTTP Host header

commixproject · Apr 12, 2024 · 2fca6df · 2fca6df
1 parent f81bd71
commit 2fca6df
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 13 deletions.
diff --git a/src/core/injections/controller/controller.py b/src/core/injections/controller/controller.py
@@ -114,7 +114,7 @@ def command_injection_heuristic_basic(url, http_request_method, check_parameter,
         request = _urllib.request.Request(tmp_url, data, method=http_request_method)
         if cookie:
           request.add_header(settings.COOKIE, cookie)
-        if inject_http_headers:
+        if inject_http_headers and settings.HOST.capitalize() not in check_parameter:
           request.add_header(check_parameter.replace("'", "").strip(), (settings.CUSTOM_HEADER_VALUE + payload).encode(settings.DEFAULT_CODEC))
         headers.do_check(request)
         response = requests.get_request_response(request)
@@ -163,7 +163,7 @@ def code_injections_heuristic_basic(url, http_request_method, check_parameter, t
         tmp_url = url
         if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
           cookie = menu.options.cookie.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
-        elif settings.IGNORE_USER_DEFINED_POST_DATA and menu.options.data and settings.INJECT_TAG in menu.options.data:
+        elif not settings.IGNORE_USER_DEFINED_POST_DATA and menu.options.data and settings.INJECT_TAG in menu.options.data:
           if inject_http_headers:
             data = menu.options.data.replace(settings.INJECT_TAG, "").encode(settings.DEFAULT_CODEC)
           else:
@@ -174,7 +174,7 @@ def code_injections_heuristic_basic(url, http_request_method, check_parameter, t
         request = _urllib.request.Request(tmp_url, data, method=http_request_method)
         if cookie:
           request.add_header(settings.COOKIE, cookie)
-        if inject_http_headers:
+        if inject_http_headers and settings.HOST.capitalize() not in check_parameter:
           request.add_header(check_parameter.replace("'", "").strip(), (settings.CUSTOM_HEADER_VALUE + payload).encode(settings.DEFAULT_CODEC))
         headers.do_check(request)
         response = requests.get_request_response(request)

diff --git a/src/core/requests/requests.py b/src/core/requests/requests.py
@@ -416,7 +416,7 @@ def get_request_response(request):
       response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
     except Exception as err_msg:
       response = request_failed(err_msg)
-
+  
   return response
 
 """
@@ -560,15 +560,7 @@ def inject_referer(url, vuln_parameter, payload, http_request_method):
 """
 def host_injection(url, vuln_parameter, payload, http_request_method):
 
-  payload = _urllib.parse.urlparse(url).netloc + payload
-
   def inject_host(url, vuln_parameter, payload, http_request_method):
-
-    if proxy == None:
-      opener = _urllib.request.build_opener()
-    else:
-      opener = _urllib.request.build_opener(proxy)
-
     # Check if defined POST data
     if len(settings.USER_DEFINED_POST_DATA) != 0:
       data = settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC)

diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -247,7 +247,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "27"
+REVISION = "28"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: