Sqlmap: param does not seem to be injectable

Created on 24 Oct 2019  ·  10Comments  ·  Source: sqlmapproject/sqlmap

param does not seem to be injectable

hi .. when run sqlmap using this command

$ sqlmap -u 'http://target.com/login' --data='username=admin&password=314' --cookie='PHPSESSID=bk8ku2tf2vrcugesedv9ic5or5' --level=5 --risk=3 --dbs --random-agent --tamper=space2comment.py,between.py --time-sec=2 --dbms=mysql -p username --no-cast --batch 

after 1min sqlmap tell me the username param is vulnerable

sq

after that .. now sqlmap tell me this param not vulnerable

dd

why..?

bug report

All 10 comments

Sqlmap has already cooperated with Google. If you have any problems, you can google it first. 😝

look at the time: 164708

I searched in Google and did not find a solution

look at the time: 164708

this!! u idiot...😅

maybe WAF block you~ how the fuck I know why? I'm not a god~

knassar702 reacted with thumbs down emoji??? fk u! just google it u idiot~😃

u don't know how to google? let me tell u then. google this:「sqlmap "false positive"」

I searched in Google and did not find a solution

what's that mean? it's mean ure a fking idiot

1) after 1min sqlmap tell me the username param is vulnerable - not true. It said "appears"
2) now sqlmap tell me this param not vulnerable - you can see that it failed the "false-positive" test(s)

This all basically means that that same parameter when being changed with a SQLi payload it "appears" to "play along", but when being asked for any kind of logic question (e.g. 2+3>5) it doesn't return expected results (i.e. false positive)

Was this page helpful?
0 / 5 - 0 ratings