heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
Parameter might be vulnerable to XSS attacks
heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
Back-end DBMS is '...'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
This allows us to narrow the payloads down to a specific DBMS.
Level/Risk values
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
Run deeper tests when the DBMS is identified.
Run top-level tests when the DBMS is not identified.
Reflective values found
reflective value(s) found and filtering out
User input is reflected in the response. This is problematic for automated scanners, but sqlmap filters it out.
Parameter appears to be injectable:
GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="luther")
The 'id' parameter is injectable, but this could be a false positive.
--string="luther" means the string "luther" in the response is used to distinguish TRUE from FALSE responses.
Time-based comparison statistical model
time-based comparison requires a larger statistical model, please wait........... (done)
Extending UNION query injection technique tests
automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
Technique appears to be usable
'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
Parameter is vulnerable:
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
Sqlmap identified injection points
sqlmap identified the following injection point(s) with a total of 46 HTTP(s) requests:
Data logged to text files
fetched data logged to text files under '/home/user/.sqlmap/output/www.example.com'