Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]

Çağlar Arlı - 17 Views

Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]

I test the web application of the target virtual machine provided by my professor:

sqlmap --batch -u http://192.168.56.103:8754/payment-details/2 \
  --cookie=' JSESSIONID=<D38AEB6139DFC666E65D0D38BD82CE96>' -level=3 --risk=3

And the result is

[CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'                              
[06:07:49] [WARNING] HTTP error codes detected during run:
400 (Bad Request) - 112 times

I don't know what mistake I made, can anyone tell me how I should modify my command?

P	S	Ç	P	C	C	P
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Annanowa

Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]

Why can’t my sqlmap detect SQL injection? Is there something wrong with my command? [closed]

Son Yazılar

Son Yorumlar