param does not seem to be injectable
hi .. when run sqlmap using this command
$ sqlmap -u 'http://target.com/login' --data='username=admin&password=314' --cookie='PHPSESSID=bk8ku2tf2vrcugesedv9ic5or5' --level=5 --risk=3 --dbs --random-agent --tamper=space2comment.py,between.py --time-sec=2 --dbms=mysql -p username --no-cast --batch
after 1min sqlmap tell me the username param is vulnerable

after that .. now sqlmap tell me this param not vulnerable

why..?
param does not seem to be injectable
hi .. when run sqlmap using this command
after 1min sqlmap tell me the username param is vulnerable
after that .. now sqlmap tell me this param not vulnerable
why..?