[sqlmap-users] Weird spot for an error...
From: Nate K. <nk...@gm...> - 2014-03-17 15:10:02
Hey guys, just ran across this one, SQL error comes back in the HTTP header. Anyone else ran across something like this? If so, how did you get SQLMap to pick up on it?

Vulnerable Param is GET -> ECTID

Request - Target Info Redacted

GET /cgi/search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9'&ABHOME=1 HTTP/1.1
Host: X.X.X.X
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stuff.stuff.com/cgi/MRABdetails.pl?USER=admin&ECTID=9&MRP=lwJLt5inR&LASTID=30323&ABMASTER=2&ANDOR=and&ANCHOR=anchoron&SESS_ID=52a3435e497351139f35330ca0a3d81d&
Cookie: popupBlockerDisabled=true; __unam=f2242fe-14489b9a9cd-4e848782-1; DocumentWidth=1400
Connection: keep-alive

Response -

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,max-age=0
ETag: ""
Server: Microsoft-IIS/7.5
Can't get config data from generic config table: getFromConfigFile: Can't execute sql select * from SomeTable where ECTID= ? AND URE= ? AND Deleted is null AND rKey in ('P', 'S') Order by mOrder asc, values: [9' KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for cast specification (SQL-22018) at C:\Stuff\\cgi\SUBS\FP\GenericConfig.pl line 179.
Date: Thu, 13 Mar 2014 21:39:00 GMT
Connection: close
Content-Length: 0

Cheers,
N8
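
A defender-side check for the leak shown in the response above, as an added example that is not part of the original post or of sqlmap: it walks the raw response head and flags any line that is not a well-formed `Name: value` header, or that carries database error text. The function name, signature names and sample response are constructed for illustration.

```python
import re

# RFC 7230 field-name ("token") immediately followed by a colon.
HEADER_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:")

# Signatures modelled on the error text quoted in the post.
LEAK_PATTERNS = {
    "odbc_driver": re.compile(r"\[Microsoft\]\[ODBC [^\]]+\]"),
    "sqlstate": re.compile(r"\(SQL-[0-9A-Z]{5}\)"),
    "sql_text": re.compile(r"\bselect\b.+\bfrom\b", re.I),
    "perl_die": re.compile(r" at \S.*\.pl line \d+"),
}

def scan_response_head(raw):
    """Return (line_no, kind, signatures) for each suspicious head line."""
    head = raw.split("\r\n\r\n", 1)[0]  # the body is not inspected
    findings = []
    for no, line in enumerate(head.split("\r\n")[1:], start=2):
        if line[:1] in (" ", "\t"):
            kind = "folded"   # obsolete header continuation line
        elif HEADER_RE.match(line):
            kind = "header"
        else:
            kind = "stray"    # text written into the header block
        hits = sorted(n for n, rx in LEAK_PATTERNS.items() if rx.search(line))
        if hits or kind == "stray":
            findings.append((no, kind, hits))
    return findings

# Constructed sample shaped like the response in the post (path shortened).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: no-cache,no-store,max-age=0\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "Can't execute sql select * from SomeTable where ECTID= ? , values: [9']"
    "[Microsoft][ODBC SQL Server Driver]Invalid character value for cast "
    "specification (SQL-22018) at C:\\app\\Config.pl line 179.\r\n"
    "Date: Thu, 13 Mar 2014 21:39:00 GMT\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in scan_response_head(SAMPLE):
        print(finding)
```

Run over proxy or WAF logs that keep raw response heads, a "stray" finding points at a handler that emits diagnostics before it finishes writing headers, which is worth fixing even when the status code is 200.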