Closed rootpentesting closed 1 year ago
@rootpentesting nuclei's detection works based on the template you are running. Public templates are not written to work against the Acunetix test page; instead, you can use fuzzing-templates for the type of scan you are looking to run.
```
nuclei -t ~/GitHub/fuzzing-templates/ -u http://testphp.vulnweb.com/listproducts.php?cat=1

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.0

		projectdiscovery.io

[INF] Using Nuclei Engine 2.9.0 (latest)
[INF] Using Nuclei Templates 9.4.0 (latest)
[INF] Templates added in last update: 65
[INF] Templates loaded for scan: 17
[INF] Targets loaded for scan: 1
[reflected-xss] [http] [medium] http://testphp.vulnweb.com/listproducts.php?cat=1'"><35041
[sqli-error-based:mysql] [http] [critical] http://testphp.vulnweb.com/listproducts.php?cat=1' [SQL syntax; check the manual that corresponds to your MySQL,Warning: mysql_,check the manual that corresponds to your MySQL server version]
```
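For triaging runs like the one above, here is an added example (not part of this thread and not nuclei's own code) that parses result lines into structured findings and orders them by severity. The line layout, the `Finding` fields and the function names are assumptions inferred from the two result lines in the output above.

```python
import re
from typing import NamedTuple, Optional

# Layout assumed from the two result lines in the output above:
#   [template-id[:matcher-name]] [protocol] [severity] matched-url [extracted,...]
RESULT_RE = re.compile(
    r"^\[(?P<template>[^\]:]+)(?::(?P<matcher>[^\]]+))?\]\s+"
    r"\[(?P<protocol>[a-z]+)\]\s+"
    r"\[(?P<severity>info|low|medium|high|critical|unknown)\]\s+"
    r"(?P<matched>\S+)"
    r"(?:\s+\[(?P<extracted>.*)\])?\s*$"
)
SEVERITY_RANK = {"unknown": 0, "info": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

class Finding(NamedTuple):
    template: str
    matcher: Optional[str]   # e.g. "mysql" in sqli-error-based:mysql
    protocol: str
    severity: str
    matched: str             # URL including the injected probe
    extracted: tuple         # strings the matcher found in the response

def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a result line, or None for banner and [INF] lines."""
    m = RESULT_RE.match(line.strip())
    if m is None:
        return None
    extracted = tuple(m["extracted"].split(",")) if m["extracted"] else ()
    return Finding(m["template"], m["matcher"], m["protocol"],
                   m["severity"], m["matched"], extracted)

def triage(output: str, minimum: str = "low") -> list:
    """Findings at or above `minimum`, most severe first."""
    floor = SEVERITY_RANK[minimum]
    found = [f for f in map(parse_line, output.splitlines()) if f]
    kept = [f for f in found if SEVERITY_RANK[f.severity] >= floor]
    return sorted(kept, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)

# Sample input: lines copied from the scan output quoted above.
SAMPLE = """\
[INF] Templates loaded for scan: 17
[reflected-xss] [http] [medium] http://testphp.vulnweb.com/listproducts.php?cat=1'"><35041
[sqli-error-based:mysql] [http] [critical] http://testphp.vulnweb.com/listproducts.php?cat=1' [SQL syntax; check the manual that corresponds to your MySQL,Warning: mysql_,check the manual that corresponds to your MySQL server version]
"""
```

`triage(SAMPLE)` returns the `sqli-error-based` finding first, with the three MySQL error strings in `extracted`, followed by the `reflected-xss` finding.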
Greetings, why is nuclei not able to detect this simple error-based SQLi on this Acunetix vulnerable webpage? Only once was it able to detect it for me. I also tried both with all templates and only the generic ones.