mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)
This commit is contained in:
parent
3cf1658532
commit
034a3f387a
|
@ -28,6 +28,7 @@ from lib.core.agent import agent
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
from lib.core.data import queries
|
||||||
from lib.core.session import setUnion
|
from lib.core.session import setUnion
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
|
@ -94,7 +95,7 @@ def unionTest():
|
||||||
|
|
||||||
query = agent.prefixQuery(" UNION ALL SELECT NULL")
|
query = agent.prefixQuery(" UNION ALL SELECT NULL")
|
||||||
|
|
||||||
for comment in ("--", "#", "/*", ";", "%00"):
|
for comment in ("", queries[kb.dbms].comment):
|
||||||
value = __effectiveUnionTest(query, comment)
|
value = __effectiveUnionTest(query, comment)
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user