From 034a3f387a9eee2e083cc38576ce20d9d28f408a Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 1 Dec 2008 23:09:07 +0000 Subject: [PATCH] Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters) --- lib/techniques/inband/union/test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index 35113c36d..32ef41948 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py @@ -28,6 +28,7 @@ from lib.core.agent import agent from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.data import queries from lib.core.session import setUnion from lib.request.connect import Connect as Request @@ -94,7 +95,7 @@ def unionTest(): query = agent.prefixQuery(" UNION ALL SELECT NULL") - for comment in ("--", "#", "/*", ";", "%00"): + for comment in ("", queries[kb.dbms].comment): value = __effectiveUnionTest(query, comment) if value: