param does not seem to be injectable
hi .. when run sqlmap using this command
$ sqlmap -u 'http://target.com/login' --data='username=admin&password=314' --cookie='PHPSESSID=bk8ku2tf2vrcugesedv9ic5or5' --level=5 --risk=3 --dbs --random-agent --tamper=space2comment.py,between.py --time-sec=2 --dbms=mysql -p username --no-cast --batch


Sqlmap has already cooperated with Google. If you have any problems, you can google it first. 😝
look at the time: 164708
I searched in Google and did not find a solution
look at the time: 164708
this!! u idiot...😅
maybe WAF block you~ how the fuck I know why? I'm not a god~
knassar702 reacted with thumbs down emoji??? fk u! just google it u idiot~😃
u don't know how to google? let me tell u then. google this:「sqlmap "false positive"」
I searched in Google and did not find a solution
what's that mean? it's mean ure a fking idiot
1) after 1min sqlmap tell me the username param is vulnerable - not true. It said "appears"
2) now sqlmap tell me this param not vulnerable - you can see that it failed the "false-positive" test(s)
This all basically means that that same parameter when being changed with a SQLi payload it "appears" to "play along", but when being asked for any kind of logic question (e.g. 2+3>5) it doesn't return expected results (i.e. false positive)