Olá pessoal,preciso de ajuda...
Já vi muitos tutoriais,e faço igual,porém mão dá certo...
ÁS vezes aparece que o URL não é estável...(Isso é do quê?alguém pode explicar?)
Outras vezes aparece que a variável GET não é injetável
e outras aparece isto:
Código todo:
Já vi muitos tutoriais,e faço igual,porém mão dá certo...
ÁS vezes aparece que o URL não é estável...(Isso é do quê?alguém pode explicar?)
Outras vezes aparece que a variável GET não é injetável
e outras aparece isto:
Código:
20:18:06] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
Código todo:
Código:
[20:14:42] [INFO] testing connection to the target url [20:14:44] [INFO] heuristics detected web page charset 'ascii' [20:14:44] [INFO] testing if the url is stable, wait a few seconds [20:14:46] [INFO] url is stable [20:14:46] [INFO] testing if GET parameter 'id' is dynamic [20:14:47] [INFO] confirming that GET parameter 'id' is dynamic [20:14:48] [INFO] GET parameter 'id' is dynamic [20:14:49] [INFO] heuristics detected web page charset 'ISO-8859-2' [20:14:49] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable [20:14:49] [INFO] testing for SQL injection on GET parameter 'id' [20:14:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [20:15:00] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' [20:15:05] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [20:15:10] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause' [20:15:17] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' [20:15:22] [INFO] testing 'MySQL > 5.0.11 stacked queries' [20:15:27] [INFO] testing 'PostgreSQL > 8.1 stacked queries' [20:15:32] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [20:15:41] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [20:15:46] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [20:15:52] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' [20:15:58] [INFO] testing 'Oracle AND time-based blind' [20:16:03] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [20:17:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [20:17:05] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using the --dbms option [20:18:06] [WARNING] GET parameter 'id' is not injectable [20:18:06] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details