https://github.com/commixproject/commix/issues/971

src/core/requests/parameters.py

@@ -188,6 +188,7 @@ def vuln_GET_param(url):
   elif re.search(r"" + settings.PARAMETER_DELIMITER + r"(.*)=[\S*(\\/)]*" + settings.INJECT_TAG, url) or \
        re.search(r"\?(.*)=[\S*(\\/)]*" + settings.INJECT_TAG , url):
     pairs = url.split("?")[1].split(settings.PARAMETER_DELIMITER)
+    pairs[:] = [param for param in pairs if any(value in param for value in ["="])]
     for param in range(0,len(pairs)):
       if settings.INJECT_TAG in pairs[param]:
         vuln_parameter = pairs[param].split("=")[0]
@@ -493,6 +494,7 @@ def vuln_POST_param(parameter, url):
     if re.search(r"" + settings.PARAMETER_DELIMITER + r"(.*)=[\S*(\\/)]*" + settings.INJECT_TAG, parameter) or \
        re.search(r"(.*)=[\S*(\\/)]*" + settings.INJECT_TAG , parameter):
       pairs = parameter.split(settings.PARAMETER_DELIMITER)
+      pairs[:] = [param for param in pairs if any(value in param for value in ["="])]
       for param in range(0,len(pairs)):
         if settings.INJECT_TAG in pairs[param]:
           vuln_parameter = pairs[param].split("=")[0]
@@ -706,6 +708,7 @@ def specify_cookie_parameter(cookie):
   if re.search(r"" + settings.COOKIE_DELIMITER + r"(.*)=[\S*(\\/)]*" + settings.INJECT_TAG, cookie) or \
      re.search(r"(.*)=[\S*(\\/)]*" + settings.INJECT_TAG , cookie):
     pairs = cookie.split(settings.COOKIE_DELIMITER)
+    pairs[:] = [param for param in pairs if any(value in param for value in ["="])]
     for param in range(0,len(pairs)):
       if settings.INJECT_TAG in pairs[param]:
         vuln_parameter = pairs[param].split("=")[0]

src/utils/settings.py

@@ -262,7 +262,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "102"
+REVISION = "103"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: