1.81b: Fix to numerical SQL injection detector logic.

spinkham · Dec 3, 2010 · a347341 · a347341
1 parent 35607dc
commit a347341
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Version 1.81b:
+--------------
+
+  - Fix to numerical SQL injection detector logic.
+
 Version 1.80b:
 --------------
 

diff --git a/Makefile b/Makefile
@@ -20,7 +20,7 @@
 #
 
 PROGNAME   = skipfish
-VERSION    = 1.80b
+VERSION    = 1.81b
 
 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \

diff --git a/README b/README
@@ -403,10 +403,11 @@ sites.
 
 Lastly, -f controls the maximum number of consecutive HTTP errors you are 
 willing to see before aborting the scan; and -s sets the maximum length of a 
-response to fetch and parse (longer responses will be truncated). When
-scanning large, multimedia-heavy sites, you may also want to specify -e -
-preventing binary documents from being kept verbatim for the report, and
-freeing up a lot of RAM.
+response to fetch and parse (longer responses will be truncated). 
+
+When scanning large, multimedia-heavy sites, you may also want to specify -e.
+This prevents binary documents from being kept in memory for reporting
+purposes, and frees up a lot of RAM.
 
 Further rate-limiting is available through third-party user mode tools such
 as trickle, or kernel-level traffic shaping.

diff --git a/crawler.c b/crawler.c
@@ -1200,7 +1200,7 @@ static u8 inject_check7_callback(struct http_request* req,
     RESP_CHECKS(MREQ(2), MRES(2));
   }
 
-  if (same_page(&MRES(2)->sig, &MRES(6)->sig) &&
+  if (same_page(&MRES(1)->sig, &MRES(6)->sig) &&
       !same_page(&MRES(6)->sig, &MRES(7)->sig)) {
     problem(PROB_SQL_INJECT, MREQ(7), MRES(7),
       (u8*)"response suggests arithmetic evaluation on server side (type 2)",