During a penetration test, sqlmap (version 1.4.5#stable) failed to find an error-based SQLi.
In the screenshot below you can see an MSSQL error due to incorrect syntax using a single quote in the "Ticket" input field.

From the correct output (I'm sorry, but I cannot show you it), it is clear the query is using a `LIKE` statement to search for a valid ticket.
Using a payload like `whatever' AND 1=@@version AND 'a%'='a` I correctly see the MSSQL banner (note the `%` in the last condition):

It seems sqlmap is not able to find this because when testing for "AND error-based" SQLi it uses a payload like `' AND <payload> AND 'Ctxm'='Ctxm`, but this fails because the app is not just adding a single quote to the query, but a `%'` (percent sign, single quote) sequence.
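The boundary mismatch described in the report, reproduced as an added example that is not part of the original issue or of sqlmap. It assumes the query has the shape `LIKE '%<input>%'`, uses SQLite in place of MSSQL, a hypothetical `tickets` table with constructed rows, and `1=1` as a stand-in for `<payload>`; the parameterized search shows the fix on the application side.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample tickets (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (ticket TEXT)")
    db.executemany("INSERT INTO tickets VALUES (?)",
                   [("T-1",), ("T-2",), ("T-31",)])
    return db


def build_concatenated(user_input):
    # Assumed vulnerable shape: the app appends %' after the user input.
    return "SELECT ticket FROM tickets WHERE ticket LIKE '%" + user_input + "%'"


def search_concatenated(db, user_input):
    return [row[0] for row in db.execute(build_concatenated(user_input))]


def search_parameterized(db, user_input):
    # The wildcards are part of the bound value, so quotes in the input stay data.
    sql = "SELECT ticket FROM tickets WHERE ticket LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + user_input + "%",))]


# Suffix from the scanner's default boundary: the appended %' turns the
# final comparison into 'Ctxm'='Ctxm%', which is always false.
DEFAULT_SUFFIX = "T-1' AND 1=1 AND 'Ctxm'='Ctxm"
# Suffix from the report: the appended %' completes 'a%'='a%', which is true.
LIKE_SUFFIX = "T-1' AND 1=1 AND 'a%'='a"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("default", DEFAULT_SUFFIX), ("like-aware", LIKE_SUFFIX)):
        print(label, "->", build_concatenated(value))
        print("  concatenated :", search_concatenated(db, value))
        print("  parameterized:", search_parameterized(db, value))
```

A scanner that only tries the first suffix sees no behavioural difference here, so a clean scan result does not show that the concatenated query is safe.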