I am working on a target that I know has an SQL injection bug, because in this URL:
I get this answer
Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Select * form aduan.emel' ORDER BY transaksi_aduan.no_pendaftaran asc' at line 11
But some SQL commands, like
UNION SELECT @@version-- and
Union+select+NUll,null-- don’t work!
When I submit them, the server responds with error 500.
Why does this happen? I think it is the firewall. Is there any way to bypass it?
Notice: I have tried all the tamper options in sqlmap, but they didn’t work and the server returned:
connection timed out to the target URL or proxy
I also tried --tor but it didn’t work.
Where is the problem?