вот что я получил, подскажите что это и что делать?)
[01:09:43] [INFO] testing connection to the target URL
[01:09:43] [INFO] testing if the target URL is stable
[01:09:44] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[01:09:48] [INFO] testing if GET parameter 'adv' is dynamic
[01:09:48] [INFO] confirming that GET parameter 'adv' is dynamic
[01:09:48] [INFO] GET parameter 'adv' is dynamic
[01:09:48] [WARNING] heuristic (basic) test shows that GET parameter 'adv' might not be injectable
[01:09:49] [INFO] testing for SQL injection on GET parameter 'adv'
[01:09:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:10:14] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[01:10:43] [INFO] testing 'Oracle AND time-based blind'
[01:10:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[01:10:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[01:11:33] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[01:12:03] [WARNING] GET parameter 'adv' is not injectable
[01:12:03] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp') If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')
Комбинированный вид
