making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)

2025-12-06 12:41:30 +00:00 · 2012-05-09 09:08:23 +00:00
parent fdf61015ad
commit 37f2709197
3 changed files with 7 additions and 342 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -27,6 +27,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import FROM_DUMMY_TABLE
+from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.unescaper import unescaper

@@ -188,6 +189,9 @@ class Agent:

        expression = self.cleanupPayload(expression)

+        if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT:
+            comment = "%00"
+
        if comment is not None:
            expression += comment