[sqlmap-users] stunned
From: ciccio p. <cic...@gm...> - 2011-02-08 21:50:16
Hi,

I've manually tested several sites which give me the typical ODBC MS-SQL syntax error with a simple tick inserted in the POST login parameters. Also, when I try different payloads like "union select blabla", the error message changes and shows me I'm effectively interacting with the db.

BUT if I perform a simple test with sqlmap -u www.foo.bar/login.asp --method=post --data=par1=val1&par2=val2 -p par1 it tells me par1 is not injectable (while manually it is). Why doesn't sqlmap see the vuln? Where am I wrong?

Also, if in the data option I put a normal value for par1 (like asdf), sqlmap tells me "the parameter par 1 is not dynamic" and shuts down, while if I put a tick directly after the asdf value in the data option, sqlmap sees it as "dynamic" and starts the tests (with a "not injectable" response at the end).

help plz thks

mariuolo