Sqlmap: Cant find inj after --crawl

Created on 10 May 2017  ·  4Comments  ·  Source: sqlmapproject/sqlmap

resul saved to results-05072017_0229pm.csv
https://site.com/irs,Host,Host,T,

target.txt
https://site.com/irs (POST) user=RCpu&name=%D0%98%D0%BC%D1%8F&mail=E-mail

After runing sqlmap

python.exe sqlmap/sqlmap.py -u "https://site.com/irs" --data="user=RCpu&name=%D0%98%D0%BC%D1%8F&mail=E-mail" --batch --level 5 --risk 3 --threads=10 --dbms=mysql

sqlmap cant find saved inj

[05:46:40] [CRITICAL] all tested parameters appear to be not injectable. Also, y
ou can try to rerun by providing a valid value for option '--string' as perhaps
the string you have chosen does not match exclusively True responses. If you sus
pect that there is some kind of protection mechanism involved (e.g. WAF) maybe y
ou could retry with an option '--tamper' (e.g. '--tamper=space2comment')

duplicate

All 4 comments

python.exe sqlmap/sqlmap.py --version?

@JonhSilver because of #2527, I guess that you are dealing with the false positive (time-based SQLi on Host is something that is at least suspicious). Please rerun everything with --flush-session.

Last version.

rerun everything with --flush-session found in all target the same injection point
and i can find database names and tables with first run

How to disable database version enumeration?

@JonhSilver you are providing zero (0) useful data into all your issues. Also, you are not spending a second to debug and/or find what is going on in the first place. Please restrain yourself in future or I'll need to report/block you to the Github support team

Was this page helpful?
0 / 5 - 0 ratings

Related issues

dispater13 picture dispater13  ·  7Comments

stamparm picture stamparm  ·  4Comments

ethicalhack3r picture ethicalhack3r  ·  3Comments

GeoffreyVDB picture GeoffreyVDB  ·  3Comments

wenre picture wenre  ·  5Comments