Re: [sqlmap-users] mysql_fetch_array(): - false positive
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] mysql_fetch_array(): - false positive
|
From: Miroslav S. <mir...@gm...> - 2013-03-22 06:36:52
|
Hi. Could you please explain what is a false positive here exactly? Also, could you please explain what does a term 'false positive' means? Kind regards, Miroslav Stampar On Mar 22, 2013 7:28 AM, "Mardian Gunawan" <gun...@gm...> wrote: > Hi, > > How you doing guys. > > im testing and manually put ' (tick) and the web spawn this error: > > Warning: mysql_fetch_array(): supplied argument is not a valid MySQL > result resource in /var/www/status.php on line 9 > > using sqlmap level=3 and risk=3, sqlmap says "heuristic (parsing) test > shows that GET parameter 'user' might be injectable (possible DBMS: > 'MySQL')" yet I got is false positive. > > the web has no protection, I'm using --check-waf too. > > mostly with this error sqlmap can get through, any suggestion/hint guys? > > > Thanks :)) > -- > Cheers, > Gunma > http://gunma.rootedker.nl > > > > -- > Cheers, > Gunma > http://gunma.rootedker.nl > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_mar > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
