I am trying to understand SQLi, so I ran SQLMap with the '-vvv' parameter:
4: Show also HTTP requests.
I did scan one of the vulnerable and ‘free to hack’ sites. In one of the requests sent, the response from SQLmap was:
[22:25:10] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[22:25:10] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --code=200)
I tried to use the same payload
GET /showforum.asp?id=1%20AND%20%28SELECT%20CHR%28116%29%7C%7CCHR%28100%29%7C%7CCHR%2885%29%7C%7CCHR%28111%29%20FROM%20SYSIBM.SYSDUMMY1%29%3D%27tdUo%27 in Burp, but it keeps throwing me a 500 error.
Can someone explain to me how exactly SQLmap came to the conclusion that the parameter ID is injectable while there was an error? I tried to compare different 500 error responses, but there is no difference between this specific payload and the other ones.
Any answer will be appreciated, thanks.