Fixes #920

src/core/injections/controller/injector.py

@@ -373,14 +373,18 @@ def custom_web_root(url, OUTPUT_TEXTFILE):
             message =  "Enter URL to use "
             message += "for command execution output > "
             message = common.read_input(message, default=output, check_batch=True)
-            output = settings.DEFINED_WEBROOT = message
-            info_msg = "Using '" + output
-            info_msg += "' for command execution output."
-            settings.print_data_to_stdout(settings.print_info_msg(info_msg))
-            if not settings.DEFINED_WEBROOT:
+            if not re.search(r'^(?:http)s?://', message, re.I):
+              common.invalid_option(message)
               pass
             else:
-              break
+              output = settings.DEFINED_WEBROOT = message
+              info_msg = "Using '" + output
+              info_msg += "' for command execution output."
+              settings.print_data_to_stdout(settings.print_info_msg(info_msg))
+              if not settings.DEFINED_WEBROOT:
+                pass
+              else:
+                break
           elif procced_option in settings.CHOICE_QUIT:
             raise SystemExit()
           else:

src/utils/settings.py

@@ -262,7 +262,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "90"
+REVISION = "91"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: