Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)

bdamele · bdamele · commit 034a3f387a9e · 2008-12-01T23:09:07.000Z
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
@@ -28,6 +28,7 @@
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import queries
 from lib.core.session import setUnion
 from lib.request.connect import Connect as Request
 
@@ -94,7 +95,7 @@ def unionTest():
 
     query = agent.prefixQuery(" UNION ALL SELECT NULL")
 
-    for comment in ("--", "#", "/*", ";", "%00"):
+    for comment in ("", queries[kb.dbms].comment):
         value = __effectiveUnionTest(query, comment)
 
         if value:
