I manage to locate the super admin’s ID by following the walkthrough. But before that, I tried to achieve the same thing with Sqlmap (my first idea is to scan for SQLi) and here is what I did: I used burp to open the site and copy the request to a file “req.txt”. Here is what’s in it -----------------------------------------------------req.txt-------------------------------------------- GET http://10.10.10.28/cdn-cgi/login/admin.php?content=accounts\*&id=1\* HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Connection: keep-alive Referer: https://10.10.10.28/cdn-cgi/login/admin.php?content=uploads Cookie: user=86575; role=admin Upgrade-Insecure-Requests: 1 Host: 10.10.10.28 -------------------------------------------------end of req.txt-------------------------------- Then I used “sqlmap -r req.txt --batch” to scan for vulnerability, especially for the parameter field. But the result I got is "URI parameter ‘#1*’ does not appear to be dynamic " and “URI parameter ‘#2*’ does not appear to be dynamic”. And here is what I got confused. Did sqlmap give an inaccurate result or I used it wrong?