1.82b: NULL pointer in is_javascript() fixed.
This commit is contained in:
parent
a3473417d9
commit
0717375d0a
|
@ -1,3 +1,8 @@
|
||||||
|
Version 1.82b:
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- NULL pointer in is_javascript() fixed.
|
||||||
|
|
||||||
Version 1.81b:
|
Version 1.81b:
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -20,7 +20,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
PROGNAME = skipfish
|
PROGNAME = skipfish
|
||||||
VERSION = 1.81b
|
VERSION = 1.82b
|
||||||
|
|
||||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||||
|
|
|
@ -1176,7 +1176,10 @@ static u8 is_javascript(struct http_response* res) {
|
||||||
end = text + strcspn((char*)text, "\r\n");
|
end = text + strcspn((char*)text, "\r\n");
|
||||||
} else if (text[1] == '*') {
|
} else if (text[1] == '*') {
|
||||||
end = (u8*)strstr((char*)text + 2, "*/");
|
end = (u8*)strstr((char*)text + 2, "*/");
|
||||||
if (end) end += 2;
|
if (end) end += 2; else {
|
||||||
|
res->js_type = 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
res->js_type = 1;
|
res->js_type = 1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -1184,7 +1184,7 @@ static u8 inject_check7_callback(struct http_request* req,
|
||||||
misc[7] = 9 1 - (or orig 0 0 - -)
|
misc[7] = 9 1 - (or orig 0 0 - -)
|
||||||
|
|
||||||
If misc[0] == misc[1], but misc[0] != misc[2], probable (numeric) SQL
|
If misc[0] == misc[1], but misc[0] != misc[2], probable (numeric) SQL
|
||||||
injection. Ditto for misc[2] == misc[6], but misc[6] != misc[7].
|
injection. Ditto for misc[1] == misc[6], but misc[6] != misc[7].
|
||||||
|
|
||||||
If misc[3] != misc[4] and misc[3] != misc[5], probable text SQL
|
If misc[3] != misc[4] and misc[3] != misc[5], probable text SQL
|
||||||
injection.
|
injection.
|
||||||
|
|
Loading…
Reference in New Issue