mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)
This commit is contained in:
parent
3cf1658532
commit
034a3f387a
|
@ -28,6 +28,7 @@ from lib.core.agent import agent
|
|||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.session import setUnion
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
@ -94,7 +95,7 @@ def unionTest():
|
|||
|
||||
query = agent.prefixQuery(" UNION ALL SELECT NULL")
|
||||
|
||||
for comment in ("--", "#", "/*", ";", "%00"):
|
||||
for comment in ("", queries[kb.dbms].comment):
|
||||
value = __effectiveUnionTest(query, comment)
|
||||
|
||||
if value:
|
||||
|
|
Loading…
Reference in New Issue
Block a user