1.63b: WordPress param injection fixes
Changed param injection check slightly to work better with WordPress.
This commit is contained in:
parent
3a220b94d2
commit
aed5e5bea0
|
@ -1,3 +1,8 @@
|
|||
Version 1.63b:
|
||||
--------------
|
||||
|
||||
- Changed param injection check slightly to work better with WordPress.
|
||||
|
||||
Version 1.62b:
|
||||
--------------
|
||||
|
||||
|
|
2
Makefile
2
Makefile
|
@ -20,7 +20,7 @@
|
|||
#
|
||||
|
||||
PROGNAME = skipfish
|
||||
VERSION = 1.62b
|
||||
VERSION = 1.63b
|
||||
|
||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||
|
|
1
config.h
1
config.h
|
@ -96,6 +96,7 @@
|
|||
/* Crawler / probe constants: */
|
||||
|
||||
#define BOGUS_FILE "sfi9876" /* Name that should not exist */
|
||||
#define BOGUS_PARAM "9876sfi" /* Meaningless parameter */
|
||||
#define MAX_404 4 /* Maximum number of 404 sigs */
|
||||
#define PAR_MAX_DIGITS 6 /* Max digits in a fuzzable int */
|
||||
#define PAR_INT_FUZZ 100 /* Fuzz by + / - this much */
|
||||
|
|
|
@ -1504,7 +1504,7 @@ static void crawl_parametric_init(struct pivot_desc* pv) {
|
|||
for (i=0;i<BH_CHECKS;i++) {
|
||||
n = req_copy(pv->req, pv, 1);
|
||||
ck_free(TPAR(n));
|
||||
TPAR(n) = ck_strdup((u8*)BOGUS_FILE);
|
||||
TPAR(n) = ck_strdup((u8*)BOGUS_PARAM);
|
||||
n->callback = par_check_callback;
|
||||
n->user_val = i;
|
||||
async_request(n);
|
||||
|
|
Loading…
Reference in New Issue