Hi, I'm new here in the null-byte community and would like to introduce myself. My name's Blank, and I've been into kali for quite some time now but only recently started to take it seriously. From roaming around the web looking for tutorials and informative posts to help me make my way to a PenTester I came across Null-Byte and found it to be quite useful.
Now I'm looking into SqlMap and a lot of times after scanning vulnerable websites (php id=1), it will end my scan with
WARNING GET parameter 'id' does not seem to be injectable
#And in all red:
CRITICAL all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')
Now I've tried add --level=3 --risk=3 to my command with similar results and can't seem to get any databases listed so I may continue with --tables, --columns, etc
Thanks :D
Be the First to Respond
Share Your Thoughts