I wondered, as I was manually trying all the norms to generate a "false"
response.
I had just never seen an error response like that inside of the header.
Was wondering if sqlmap would pick it up.
Thanks for the clarification!
Cheers,
Nate
On Mar 17, 2014, at 2:51 PM, Miroslav Stampar wrote:
Hi.
sqlmap should be able to spot this kind of SQLi out of the box. Problem in
your case is that it appears (IMHO) that your target is not vulnerable.
Error message != SQL injection! Target warns you that targeted value can't
be cast to the desired type and that means that it's most probably no
Hey guys, just ran across this one, SQL error comes back in the HTTP header.
Anyone else run across something like this? If so, how did you get SQLMap
to pick up on it?
Vulnerable Param is GET -> ECTID
Request - Target Info Redacted
GET /cgi/search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321