devo9191
Reputation: 219
SQLMap host does not seem to be injectable, does this mean there are no vulnerabilities?
python sqlmap.py -u "https://localhost:8080" --level=5 --risk=5
[15:13:30] [WARNING] parameter 'Host' does not seem to be injectable
[15:13:30] [CRITICAL] all tested parameters do not appear to be injectable
SQLMap outputted this after many testing rows, is this the normal behaviour of the program or did I enter the url incorrectly?
Image shows whole output:
Upvotes: 1
Views: 2126
Answers (1)
Radoslav Bodó
Reputation: 661
... is this the normal behaviour of the program or did I enter the url incorrectly?
According to the output sqlmap did not find any vulnerable injection point.
Normally, -u would also require to specify parameters for testing, but since you've specified --level and --risk, sqlmap tried to inject into http headers with extended payload set. Some responses were suspected for vulnerability in Host header, but finding was not confirmed.
Upvotes: 0
Related Questions
- Is it possible to use SQLMAP against an ODBC driver connection?
- How sqlmap internally works?
- Custom sqlmap tamper script giving error: `bytes-like object is required, not 'str'`
- Connecting directly to database with credentials in SQLMap
- SQLMap succesul inject query browsing
- Print the value of injected parameter in sqlmap
- Getting hostname using sqlmap
- Sqlmap traffic capture
- verify sql injection through sqlmap
- the meaning of the instruction