Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)

Bernardo Damele 2008-12-01 23:09:07 +00:00
parent 3cf1658532
commit 034a3f387a


@ -28,6 +28,7 @@ from lib.core.agent import agent
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.session import setUnion
from lib.request.connect import Connect as Request
@ -94,7 +95,7 @@ def unionTest():
query = agent.prefixQuery(" UNION ALL SELECT NULL")
for comment in ("--", "#", "/*", ";", "%00"):
for comment in ("", queries[kb.dbms].comment):
value = __effectiveUnionTest(query, comment)
if value:
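Review bot: The new tuple `("", queries[kb.dbms].comment)` indexes `queries` with `kb.dbms` without checking that a back-end DBMS has been identified. If unionTest() can run before `kb.dbms` is set (not visible in this hunk), the lookup raises instead of falling back to the no-comment probe. A guard such as `dbmsComment = queries[kb.dbms].comment if kb.dbms else None`, with the loop skipping a `None` entry, would keep the test usable in that case. The loop also deserves a short comment, e.g. `# try without a trailing comment first, then with the back-end DBMS comment syntax`, because narrowing five suffixes to two is the whole point of the change. The loop body continues past the end of the hunk.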