Hi.
Could you please explain what is a false positive here exactly? Also, could
you please explain what does a term 'false positive' means?
Kind regards,
Miroslav Stampar
On Mar 22, 2013 7:28 AM, "Mardian Gunawan" <gunawanmard...@gmail.com> wrote:
> Hi,
>
> How you doing guys.
>
> im testing and manually put ' (tick) and the web spawn this error:
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
> result resource in /var/www/status.php on line 9
>
> using sqlmap level=3 and risk=3, sqlmap says "heuristic (parsing) test
> shows that GET parameter 'user' might be injectable (possible DBMS:
> 'MySQL')" yet I got is false positive.
>
> the web has no protection, I'm using --check-waf too.
>
> mostly with this error sqlmap can get through, any suggestion/hint guys?
>
>
> Thanks :))
> --
> Cheers,
> Gunma
> http://gunma.rootedker.nl
>
>
>
> --
> Cheers,
> Gunma
> http://gunma.rootedker.nl
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
