From 3814f6cc63b9bdf34ee9db388afbd499aca93764 Mon Sep 17 00:00:00 2001 From: stasinopoulos Date: Mon, 21 Oct 2024 08:22:11 +0300 Subject: [PATCH] Fixes https://github.com/commixproject/commix/issues/969 --- src/core/injections/controller/handler.py | 4 ++-- src/utils/session_handler.py | 2 +- src/utils/settings.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/core/injections/controller/handler.py b/src/core/injections/controller/handler.py index c9c2325528..68d23ce25c 100755 --- a/src/core/injections/controller/handler.py +++ b/src/core/injections/controller/handler.py @@ -394,7 +394,7 @@ def do_time_relative_proccess(url, timesec, filename, http_request_method, url_t if not settings.LOAD_SESSION: shell = "" checks.identified_vulnerable_param(url, technique, injection_type, vuln_parameter, payload, http_request_method, filename, export_injection_info, vp_flag, counter) - session_handler.import_injection_points(url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, original_exec_time, output_length, is_vulnerable=settings.INJECTION_LEVEL) + session_handler.import_injection_points(url, technique, injection_type, filename, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, original_exec_time, output_length, is_vulnerable=settings.INJECTION_LEVEL) else: whitespace = settings.WHITESPACES[0] if technique == settings.INJECTION_TECHNIQUE.TIME_BASED: @@ -643,7 +643,7 @@ def do_results_based_proccess(url, timesec, filename, http_request_method, injec # Export session if not settings.LOAD_SESSION: checks.identified_vulnerable_param(url, technique, injection_type, vuln_parameter, payload, http_request_method, filename, export_injection_info, vp_flag, counter) - session_handler.import_injection_points(url, technique, injection_type, separator, shell[0], vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response=0, timesec=0, exec_time=0, output_length=0, is_vulnerable=settings.INJECTION_LEVEL) + session_handler.import_injection_points(url, technique, injection_type, filename, separator, shell[0], vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response=0, timesec=0, exec_time=0, output_length=0, is_vulnerable=settings.INJECTION_LEVEL) else: whitespace = settings.WHITESPACES[0] cmd = maxlen = "" diff --git a/src/utils/session_handler.py b/src/utils/session_handler.py index 28c885b2c7..252caf7719 100755 --- a/src/utils/session_handler.py +++ b/src/utils/session_handler.py @@ -101,7 +101,7 @@ def clear(url): """ Import successful injection points to session file. """ -def import_injection_points(url, technique, injection_type, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, exec_time, output_length, is_vulnerable): +def import_injection_points(url, technique, injection_type, filename, separator, shell, vuln_parameter, prefix, suffix, TAG, alter_shell, payload, http_request_method, url_time_response, timesec, exec_time, output_length, is_vulnerable): try: conn = sqlite3.connect(settings.SESSION_FILE) conn.execute("CREATE TABLE IF NOT EXISTS " + table_name(url) + "_ip" + \ diff --git a/src/utils/settings.py b/src/utils/settings.py index da02ec8321..e596cb04cd 100755 --- a/src/utils/settings.py +++ b/src/utils/settings.py @@ -262,7 +262,7 @@ def sys_argv_errors(): DESCRIPTION = "The command injection exploiter" AUTHOR = "Anastasios Stasinopoulos" VERSION_NUM = "4.0" -REVISION = "101" +REVISION = "102" STABLE_RELEASE = False VERSION = "v" if STABLE_RELEASE: