[sqlmap-users] [WARNING] GET parameter 'module' is not injectable

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hello,</div>

<div>&nbsp;</div>

<div>I want to test our written function. So i start testing with the following command:</div>

<div>sqlmap.py -u &quot;https://SERVER/index.php?module=upload&amp;func=checkUserForm&amp;c_id=102&quot; --banner --auth-type=Basic --auth-cred=name:password</div>

<div>&nbsp;</div>

<div>Now I&#39;m wondering about the status of some messages.</div>

<div>&nbsp;</div>

<div>Why ist the following message a warning:</div>

<div>[09:25:52] [WARNING] GET parameter &#39;module&#39; is not injectable</div>

<div>&nbsp;</div>

<div>Or why ist this critical:</div>

<div>[09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request</div>

<div>&nbsp;</div>

<div>Is there an overview about the different message-states (info, warning, critcal and so on) and the meaning of them?</div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>A short listing of the whole output:</div>

<div>
<div>[09:24:49] [INFO] testing connection to the target URL</div>

<div>[09:24:51] [INFO] heuristics detected web page charset &#39;UTF-8&#39;</div>

<div>[09:24:51] [WARNING] reflective value(s) found and filtering out</div>

<div>[09:24:51] [INFO] testing if the target URL is stable. This can take a couple of seconds</div>

<div>[09:24:52] [INFO] target URL is stable</div>

<div>[09:24:52] [INFO] testing if GET parameter &#39;module&#39; is dynamic</div>

<div>[09:24:52] [INFO] confirming that GET parameter &#39;module&#39; is dynamic</div>

<div>[09:24:53] [WARNING] GET parameter &#39;module&#39; does not appear dynamic</div>

<div>[09:24:53] [WARNING] heuristic (basic) test shows that GET parameter &#39;module&#39; might not be injectable</div>

<div>[09:24:53] [INFO] testing for SQL injection on GET parameter &#39;module&#39;</div>

<div>[09:24:53] [INFO] testing &#39;AND boolean-based blind - WHERE or HAVING clause&#39;</div>

<div>[09:24:56] [INFO] testing &#39;MySQL &gt;= 5.0 boolean-based blind - Parameter replace&#39;</div>

<div>[09:24:57] [INFO] testing &#39;MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause&#39;</div>

<div>[09:24:58] [INFO] testing &#39;PostgreSQL AND error-based - WHERE or HAVING clause&#39;</div>

<div>[09:25:00] [INFO] testing &#39;Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause&#39;</div>

<div>[09:25:01] [INFO] testing &#39;Oracle AND error-based - WHERE or HAVING clause (XMLType)&#39;</div>

<div>[09:25:03] [INFO] testing &#39;MySQL &gt;= 5.0 error-based - Parameter replace&#39;</div>

<div>[09:25:03] [INFO] testing &#39;MySQL inline queries&#39;</div>

<div>[09:25:03] [INFO] testing &#39;PostgreSQL inline queries&#39;</div>

<div>[09:25:04] [INFO] testing &#39;Microsoft SQL Server/Sybase inline queries&#39;</div>

<div>[09:25:04] [INFO] testing &#39;MySQL &gt; 5.0.11 stacked queries (SELECT - comment)&#39;</div>

<div>[09:25:05] [INFO] testing &#39;PostgreSQL &gt; 8.1 stacked queries (comment)&#39;</div>

<div>[09:25:07] [INFO] testing &#39;Microsoft SQL Server/Sybase stacked queries (comment)&#39;</div>

<div>[09:25:08] [INFO] testing &#39;Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)&#39;</div>

<div>[09:25:10] [INFO] testing &#39;MySQL &gt;= 5.0.12 AND time-based blind (SELECT)&#39;</div>

<div>[09:25:11] [INFO] testing &#39;PostgreSQL &gt; 8.1 AND time-based blind&#39;</div>

<div>[09:25:13] [INFO] testing &#39;Microsoft SQL Server/Sybase time-based blind&#39;</div>

<div>[09:25:14] [INFO] testing &#39;Oracle AND time-based blind&#39;</div>

<div>[09:25:16] [INFO] testing &#39;Generic UNION query (NULL) - 1 to 10 columns&#39;</div>

<div>[09:25:16] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option</div>

<div>&#39;--dbms&#39;</div>

<div>[09:25:32] [INFO] testing &#39;MySQL UNION query (NULL) - 1 to 10 columns&#39;</div>

<div>[09:25:52] [WARNING] GET parameter &#39;module&#39; is not injectable</div>

<div>[09:25:52] [INFO] testing if GET parameter &#39;func&#39; is dynamic</div>

<div>sqlmap got a 302 redirect to &#39;https://SERVER:443/index.php&#39;. Do you want to follow? [Y/n] n</div>

<div>[09:26:54] [ERROR] detected invalid data for declared content encoding &#39;gzip&#39; (&#39;unpack requires a string argument of length 4&#39;)</div>

<div>[09:26:54] [WARNING] turning off page compression</div>

<div>[09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request</div>

<div>[09:26:55] [INFO] confirming that GET parameter &#39;func&#39; is dynamic</div>

<div>[09:26:55] [WARNING] GET parameter &#39;func&#39; does not appear dynamic</div>

<div>[09:26:55] [WARNING] heuristic (basic) test shows that GET parameter &#39;func&#39; might not be injectable</div>

<div>...</div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>Thank you,</div>

<div>&nbsp;</div>

<div>regards Peter</div>

<div>&nbsp;</div>
</div>

<div class="signature">&nbsp;</div></div></body></html>