Member Avatar for davy_yg

Hello,

Can anyone help me check if this SQL Injection Vulnerability Scan is FREE :

https://suip.biz/?act=sqlmap

And is the report truly shows whether the website is vulnerable to SQL Injection or truly save.

This is the report example:

      ___
   __H__
 ___ ___["]_____ ___ ___  {1.2.3#stable}
|_ -| . [']     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:37:51

[10:37:51] [WARNING] unable to create output directory '/srv/http/.sqlmap/output' ([Errno 13] Permission denied: '/srv/http/.sqlmap'). Using temporary directory '/tmp/sqlmapgbITev17996/sqlmapoutputkV30WD' instead
[10:37:51] [INFO] testing connection to the target URL
[10:37:55] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[10:37:57] [INFO] heuristics detected web page charset 'ascii'
[10:37:58] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS

do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] N
[10:37:58] [WARNING] dropping timeout to 10 seconds (i.e. '--timeout=10')
[10:37:58] [INFO] testing if the target URL content is stable
[10:38:00] [INFO] target URL content is stable
[10:38:00] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')

[*] shutting down at 10:38:00

I cannot truly interpret the report. Please help.

Also, please gives me method to prevent SQL Injection.

Thanks in advance.

  • 2 Contributors
  • 1 Reply
  • 2K Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by rproffitt
Member Avatar for rproffitt

Since you got the report for free it appears that the results are indeed free.

As to understanding this report, I'll give you the answer for line 1. That's the first line of an ASCII graphic that follows on for a few lines. It's just for looks and to understand it you may have to move back another foot to see they made an ASCII graphic of their product name.

As to the rest, next time don't dump the entire report. Be specific to what line you wanted more thoughts about.

Finally I'm sure they offer support for a fee like most good companies do. The question becomes "Is it worth paying for?" For those that are just learning about the subject at hand, that can be a simple yes.

Parting note: This seems eerily similar to your post at https://www.daniweb.com/programming/web-development/threads/515767/amp-accelerated-mobile-pages That is, you seem to have yet again found something on the web.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.