From a3473417d906d5c35abf40a3e7f07f1d2b97361b Mon Sep 17 00:00:00 2001
From: Steve Pinkham
Date: Fri, 3 Dec 2010 15:32:05 -0500
Subject: [PATCH] 1.81b: Fix to numerical SQL injection detector logic.

---
 ChangeLog | 5 +++++
 Makefile | 2 +-
 README | 9 +++++----
 crawler.c | 2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index affac9d..a54f83c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Version 1.81b:
+--------------
+
+ - Fix to numerical SQL injection detector logic.
+
 Version 1.80b:
 --------------
 
diff --git a/Makefile b/Makefile
index 9887407..ac63ee1 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@
 #
 
 PROGNAME = skipfish
-VERSION = 1.80b
+VERSION = 1.81b
 
 OBJFILES = http_client.c database.c crawler.c analysis.c report.c
 INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
diff --git a/README b/README
index 85edd41..aa61f7a 100644
--- a/README
+++ b/README
@@ -403,10 +403,11 @@ sites.
 
 Lastly, -f controls the maximum number of consecutive HTTP errors you are
 willing to see before aborting the scan; and -s sets the maximum length of a
-response to fetch and parse (longer responses will be truncated). When
-scanning large, multimedia-heavy sites, you may also want to specify -e -
-preventing binary documents from being kept verbatim for the report, and
-freeing up a lot of RAM.
+response to fetch and parse (longer responses will be truncated).
+
+When scanning large, multimedia-heavy sites, you may also want to specify -e.
+This prevents binary documents from being kept in memory for reporting
+purposes, and frees up a lot of RAM.
 
 Further rate-limiting is available through third-party user mode tools such
 as trickle, or kernel-level traffic shaping.
diff --git a/crawler.c b/crawler.c
index b068a62..98b0b48 100644
--- a/crawler.c
+++ b/crawler.c
@@ -1200,7 +1200,7 @@ static u8 inject_check7_callback(struct http_request* req,
 RESP_CHECKS(MREQ(2), MRES(2));
 }
 
- if (same_page(&MRES(2)->sig, &MRES(6)->sig) &&
+ if (same_page(&MRES(1)->sig, &MRES(6)->sig) &&
 !same_page(&MRES(6)->sig, &MRES(7)->sig)) {
 problem(PROB_SQL_INJECT, MREQ(7), MRES(7),
 (u8*)"response suggests arithmetic evaluation on server side (type 2)",
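Review bot: The corrected condition still consists of three bare response indices (MRES(1), MRES(6), MRES(7)) with nothing in the hunk saying which probe each one is, which is exactly how the wrong index 2 could sit there unnoticed until this commit; a one-line comment above the `if` naming the probes — e.g. `/* type 2: baseline (1) must match probe 6 and differ from probe 7 */`, with the probe descriptions taken from the code that schedules them — would make the intent checkable at a glance. The hunk also does not show whether MRES(1) is guaranteed non-NULL at this point; the preceding RESP_CHECKS block appears to cover MRES(2), so if the same guarantee is not established for MRES(1) by code outside the hunk, the `->sig` dereference needs a guard. Since this check decides whether PROB_SQL_INJECT is reported, the commit would also benefit from a short regression note (even in the ChangeLog) describing the false-positive or false-negative the old index produced. inject_check7_callback begins and ends outside the hunk.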