SQLi detection after custom parsing output #3129

@QFTx

Hey,
I stumbled upon what I think is a valid SQLi during an engagement.
I identified it manually first, then attempted to use sqlmap which is unable to detect the injection.

I noticed that the SQL error in the response is embedded in a custom URL-encoded META tag content. The truncated tag looks something like this:
`<META name="truncated" content="ORA-01722%3A%20invalid%20number..........">`

I can see it throwing multiple errors such as: ORA-01722: invalid number
However, it seems to be URL-encoded and that's why sqlmap can't see it?
Or could it be because the response needs to be manipulated (strip down HTML tags and urldecode)?

I have no issues trying things out, just want to see if this has been addressed before.
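
The response normalization the post asks about, as an added example that is not part of the original issue or of sqlmap's code: it extracts META `content` values, percent-decodes them a bounded number of times, and only then matches Oracle error text. The `ORA_ERROR` pattern, the function names and the sample response are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed signature: Oracle code followed by ": message" (illustrative only).
ORA_ERROR = re.compile(r"ORA-\d{5}: [^\r\n<\"]*")


class MetaContent(HTMLParser):
    # Collects the content attribute of every <meta> tag; the parser
    # lowercases tag and attribute names and unescapes HTML entities.
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            self.values += [v for k, v in attrs if k == "content" and v]


def url_decode(text, max_rounds=3):
    """Percent-decode repeatedly (bounded) to cope with double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_oracle_errors(body):
    """Return decoded Oracle error messages found in META content or the body."""
    parser = MetaContent()
    parser.feed(body)
    found = []
    for chunk in parser.values + [body]:
        for match in ORA_ERROR.finditer(url_decode(chunk)):
            message = match.group(0).strip()
            if message not in found:
                found.append(message)
    return found


# Constructed sample response; tag names and values are hypothetical.
SAMPLE = (
    '<html><head><META name="status" content="ORA-01722%3A%20invalid%20number">'
    '<meta name="detail" content="ORA-00933%253A%2520SQL%2520command%2520not'
    '%2520properly%2520ended"></head><body>Request failed</body></html>'
)
```

Matching `ORA_ERROR` against the raw `SAMPLE` finds nothing, because the colon and space are still percent-encoded; `find_oracle_errors(SAMPLE)` returns both messages in decoded form.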
