Sqlmap tested parameters might not be injectable

Question

When I try to inject something, after testing all parameters with --level=3 --risk=3, this shows up. Please tell me what to do, and where I'm wrong.

This is the full command:

sqlmap -u "www.mysite.com/index.php?id=1*" --level=3 --risk=3 --random-agent --string --regexp

[CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')

Please don't create a new account to update your question. Log in with your original account and edit your post. — schroeder, Oct 16 '16 at 17:45
As for your comment that you "want to get to the database" - we need a LOT more info. — schroeder, Oct 16 '16 at 17:46

score 1 · Answer 1 · answered Oct 16 '16 at 17:24

It means that sqlmap has not found any sql injection on parameters you tested. From my experience there is a chance there might be sql injection but you will have to test it manually as not tool is as good as humans brain. Or if you want to continue with tools try sqlninja or havij or any other automated sql injection exploitation tool.

Good luck.

Sqlmap tested parameters might not be injectable

1 Answers1