[DEBUG] got HTTP error code: 500 on boolean-based blind

[asadmalik786]

Hello , i need some help in doing blind sql injections and i'm facing this error "[DEBUG] got HTTP error code: 500 (Internal Server Error)" when sqlmap checks payloads against url.

My Target is:-
Server: Microsoft-IIS/7.5
Retrieved x-powered-by header: ASP.NET
Retrieved x-aspnet-version header: 2.0.50727

I USED THESE SWITCHES WITH SQLMAP.

-v 4 --parse-errors --banner --dbs --random-agent --level=5 --risk=3

and it shows HTTP 500 Error as shown below.
[...]
[07:11:15] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[07:11:15] [WARNING] parsed DBMS error message: 'System.ArgumentException: parsing "Page=2)..[""']'(" - Too many )'s.'
[07:11:15] [WARNING] heuristic (basic) test shows that GET parameter 'Page' might not be injectable
[07:11:15] [INFO] testing for SQL injection on GET parameter 'Page'
[07:11:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:11:15] [PAYLOAD] 2) AND 8998=5058
[..]

Target is confirm vulnerable to blind Sql Injections, bug found by acunetix and Uniscan project.kindly help me regarding this that how can i do perfect injection using sqlmap. i tried --hex but didn't succeed.

PS : i got this from NIKTO.
Server banner has changed from 'Microsoft-IIS/7.5' to 'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or proxy is in place.

waiting for your reply.

[stamparm]

got HTTP error code: 500 (Internal Server Error) is a normal behavior in testing phase. Please try to exploit it manually and you'll see what does it mean.

[asadmalik786]

Alright , but at the end it didn't succeed. it shows this error on level=1 to level=5 with risk=3

[06:20:30] [WARNING] GET parameter 'Page' is not injectable
[06:20:30] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp')
[06:20:30] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 59 times

i cant do this manually. is their is another suggestions to complete this.i was thinking that it might be some waf installed.

[stamparm]

You have a bad premise. If software like Acunetix says that something is injectable (most probably of that error message), you can't take it as granted. Please try to exploit it manually and come back later.

[asadmalik786]

the Uniscan project http://uniscan.sourceforge.net/ also identified that its blind sqli.
anyway, the thing you cleared here that their is no WAF. i will try to do it manually !
thanks

[asadmalik786]

@stamparm Bro , i have checked it manually , its blind Sql Injection wait for delay in post content,i have checked it manually!!.The testing Post parameters are in user name form field, which is ..

username'; waitfor delay '00:00:10' --

by doing this it get respond after 10 seconds, now plz help me to do the rest of the queries using sqlmap, in order to get database.

waiting for your reply thanks.

[asadmalik786]

thanks i got it !

[bb1ox1bb]

asadmalik786

so maby u can share you exp how did u finished that attack?