Hey guys, just ran across this one: the SQL error comes back in the HTTP header.

Anyone else run across something like this? If so, how did you get SQLMap to pick up on it?

Vulnerable Param is GET -> ECTID

Request - Target Info Redacted
GET /cgi/search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9'&ABHOME=1 HTTP/1.1
Host: X.X.X.X
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stuff.stuff.com/cgi/MRABdetails.pl?USER=admin&ECTID=9&MRP=lwJLt5inR&LASTID=30323&ABMASTER=2&ANDOR=and&ANCHOR=anchoron&SESS_ID=52a3435e497351139f35330ca0a3d81d&;
Cookie: popupBlockerDisabled=true; __unam=f2242fe-14489b9a9cd-4e848782-1; DocumentWidth=1400
Connection: keep-alive


Response -
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,max-age=0
ETag: ""
Server: Microsoft-IIS/7.5
Can't get config data from generic config table: getFromConfigFile: Can't execute sql select * from SomeTable  where ECTID= ? AND URE= ? AND Deleted is null AND rKey in ('P', 'S') Order by mOrder asc, values: [9' KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for cast specification (SQL-22018) at C:\Stuff\\cgi\SUBS\FP\GenericConfig.pl line 179.
Date: Thu, 13 Mar 2014 21:39:00 GMT
Connection: close
Content-Length: 0

Cheers,

N8
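The response above is interesting from the defending side too: the DBMS error text lands in the header block, so a scanner (or a log check after the fix is deployed) that only inspects the response body will miss the leak. The following is an added example, not code from the post or from sqlmap; the sample response is constructed from the one quoted above with the target-specific values left out, and the header-name check assumes RFC 7230 token rules for field names.

```python
import re

# Constructed sample: the error line sits in the header block, the body is empty.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: no-cache,no-store,max-age=0\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "Can't get config data from generic config table: getFromConfigFile: Can't "
    "execute sql select * from SomeTable  where ECTID= ? AND URE= ? values: [9' "
    "KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for "
    "cast specification (SQL-22018) at C:\\Stuff\\cgi\\SUBS\\FP\\GenericConfig.pl line 179.\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# DBMS error signatures that should never reach a client, wherever they appear.
DBMS_ERROR_PATTERNS = [
    ("mssql", re.compile(r"\[Microsoft\]\[ODBC SQL Server Driver\]", re.I)),
    ("mssql", re.compile(r"\(SQL-\d{5}\)")),
    ("mysql", re.compile(r"You have an error in your SQL syntax", re.I)),
    ("postgresql", re.compile(r"ERROR:\s+syntax error at or near", re.I)),
    ("oracle", re.compile(r"\bORA-\d{5}\b")),
]

# RFC 7230 'token' characters: a header field name may not contain spaces.
HEADER_NAME_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def split_response(raw):
    """Split a raw HTTP/1.1 response into (status_line, header_lines, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body


def find_dbms_errors(raw):
    """Return (location, dbms, matched_text) for every signature hit, headers included."""
    _, headers, body = split_response(raw)
    findings = []
    for location, chunks in (("header", headers), ("body", [body])):
        for chunk in chunks:
            for dbms, pattern in DBMS_ERROR_PATTERNS:
                match = pattern.search(chunk)
                if match:
                    findings.append((location, dbms, match.group(0)))
    return findings


def malformed_header_lines(raw):
    """Return header lines whose field name is not a valid token: a sign of leaked text."""
    _, headers, _ = split_response(raw)
    return [line for line in headers
            if not HEADER_NAME_TOKEN.match(line.partition(":")[0])]
```

Both checks flag the quoted response: the signature scan reports two MSSQL/ODBC hits in the header block and none in the body, and the malformed-line check returns the leaked error line because its "field name" contains spaces.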
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users