havij

Discussion in 'Sandbox' started by p8araDISE5, 13 Oct 2016.

  1. p8araDISE5

    p8araDISE5 New Member

    Joined:
    13 Oct 2016
    Messages:
    3
    Likes Received:
    0
    Reputations:
    0
    When scanning sites it outputs incomprehensible symbols; maybe it's a cipher for the folders or something else..
    Please help a newbie; maybe this is a stupid question, but hit me hard :D
    http://itmages.ru/image/view/5020832/78db2088
     
  2. Sergey_AKs

    Sergey_AKs New Member

    Joined:
    17 Oct 2016
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Exactly the same situation; I hope someone will suggest a solution for dumping the database.
     
  3. Zen1T21

    Zen1T21 Member

    Joined:
    13 Jan 2013
    Messages:
    158
    Likes Received:
    37
    Reputations:
    2
    Better use sqlmap
     
  4. Sergey_AKs

    Sergey_AKs New Member

    Joined:
    17 Oct 2016
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Here is what I got; can you tell me what this is and what to do?)



    [01:09:43] [INFO] testing connection to the target URL
    [01:09:43] [INFO] testing if the target URL is stable
    [01:09:44] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
    how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
    [01:09:48] [INFO] testing if GET parameter 'adv' is dynamic
    [01:09:48] [INFO] confirming that GET parameter 'adv' is dynamic
    [01:09:48] [INFO] GET parameter 'adv' is dynamic
    [01:09:48] [WARNING] heuristic (basic) test shows that GET parameter 'adv' might not be injectable
    [01:09:49] [INFO] testing for SQL injection on GET parameter 'adv'
    [01:09:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
    [01:09:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
    [01:09:52] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
    [01:09:53] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
    [01:10:03] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
    [01:10:13] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
    [01:10:13] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
    [01:10:13] [INFO] testing 'MySQL inline queries'
    [01:10:13] [INFO] testing 'PostgreSQL inline queries'
    [01:10:14] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
    [01:10:14] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
    [01:10:14] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
    [01:10:17] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
    [01:10:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
    [01:10:31] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
    [01:10:35] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
    [01:10:36] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
    [01:10:39] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
    [01:10:43] [INFO] testing 'Oracle AND time-based blind'
    [01:10:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
    [01:10:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
    [01:11:33] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
    [01:12:03] [WARNING] GET parameter 'adv' is not injectable
    [01:12:03] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp') If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')

    C:\sqlmap>
     
  5. BigBear

    BigBear Escrow Service
    Staff Member Guarantor - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,801
    Likes Received:
    920
    Reputations:
    862
    Either there is no injection, or raise --level=3 --risk=3
     
  6. brown

    brown Member

    Joined:
    16 Oct 2016
    Messages:
    265
    Likes Received:
    12
    Reputations:
    1
    I can help if you want. Link in PM