SQLi detection after custom parsing output

[QFTx]

Hey,
I stumbled upon what I think is a valid SQLi during an engagement.
I identified it manually first, then attempted to use sqlmap which is unable to detect the injection.

I noticed that sql error in response is embedded in a custom url encoded META tag content. The truncated tag looks something like this:
<META name="truncated" content="ORA-01722%3A%20invalid%20number..........">

I can see it throwing multiple error such as: ORA-01722: invalid number
However, it seems to be url encoded and thats why sqlmap can't see it?
Or could it be becuase response need to be manipulated (strip down HTML tags and urldecode).

I have no issues trying things out just want to see if this has been addressed before.

[stamparm]

1. Just tried the similar case without any issues. sqlmap tries to provoke error which contains (grep-able) alpha-numeric result, hence, the encoding like you've described doesn't make any difference.
2. I would say that either you have problem with general truncation of error message which can be used in the first place (no usable space for the usable error part of the message) OR you don't have a usable SQLi in the first place (getting error message which just nags about the expected parameter format)
3. Please either create a traffic file (-t traffic.txt) and send it to me (miroslav@sqlmap.org) or send an URL itself to that same address

[stamparm]

ping?