making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)

2025-12-07 13:11:29 +00:00 · 2012-05-09 09:08:23 +00:00
parent fdf61015ad
commit 37f2709197
3 changed files with 7 additions and 342 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -27,6 +27,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import FROM_DUMMY_TABLE
+from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.unescaper import unescaper

@@ -188,6 +189,9 @@ class Agent:

        expression = self.cleanupPayload(expression)

+        if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT:
+            comment = "%00"
+
        if comment is not None:
            expression += comment

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -484,3 +484,6 @@ MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024

 # Mark used for trimming unnecessary content in large chunks
 LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"
+
+# Generic SQL comment formation
+GENERIC_SQL_COMMENT = "-- "