Not a bug Just a question seeking for help #5791

Open
agx47 opened this issue Oct 8, 2024 · 1 comment

agx47 commented Oct 8, 2024

Hello,

I tested a symbol (') syntax error in the target www.example.com/id='. In the browser itself, I got no syntax error. However, when testing the same in Burp Suite, I received a syntax error, and the same occurred in the Python response.

Sqlmap cannot find the back-end DBMS unless I use --skip-urlencode, but that leads to the following message:

```
It looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
For the remaining tests, do you want to include all tests for 'MySQL', extending the provided level (1) and risk (1) values? [Y/n] y
[18:20:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[18:20:44] [PAYLOAD] 11
[18:20:45] [PAYLOAD] 11) AND 6931=3971 AND (6919 BETWEEN 6919 AND 6919
[18:20:45] [CRITICAL] unable to connect to the target URL. Sqlmap is going to retry the request(s)
```

Is there a parameter I should use for this case?

Sorry to bother you.

P.S.: Sqlmap didn’t find any WAF mechanisms.

p0isonBR commented Nov 6, 2024

Do not use --skip-urlencode with the GET method; this causes a malformed URL as defined in RFC 1738, because space is an unsafe character.

You can test this in curl:

```
$ curl 'https://httpbin.org/ headers'
curl: (3) URL rejected: Malformed input to a URL function
```
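Added example, not part of the original thread and not sqlmap's own code: the payload from the log above placed into a GET request line with and without percent-encoding, showing why the unencoded form is rejected. The path `/item`, the parameter name `id` and the helper names are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Characters RFC 1738 section 2.2 lists as "unsafe"; they must be encoded in a URL.
RFC1738_UNSAFE = set(' <>"#%{}|\\^~[]`')
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# Payload copied from the sqlmap log in the question.
PAYLOAD = "11) AND 6931=3971 AND (6919 BETWEEN 6919 AND 6919"


def unsafe_chars(value):
    """Return the unsafe characters in value, ignoring valid %XX escapes."""
    stripped = _ESCAPE.sub("", value)
    return sorted(set(stripped) & RFC1738_UNSAFE)


def request_line(path, param, value, encode=True):
    """Build the HTTP/1.1 request line for a GET with one query parameter."""
    if encode:
        value = quote(value, safe="")  # percent-encode everything but unreserved chars
    return f"GET {path}?{param}={value} HTTP/1.1"


def parse_request_line(line):
    """Split a request line into (method, target, version) as a strict server would."""
    parts = line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {len(parts)} fields, expected 3")
    return tuple(parts)


if __name__ == "__main__":
    print("unsafe characters in payload:", unsafe_chars(PAYLOAD))
    for encode in (False, True):
        line = request_line("/item", "id", PAYLOAD, encode=encode)
        try:
            print("accepted:", parse_request_line(line))
        except ValueError as exc:
            print(f"rejected ({exc}): {line}")
```
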
