Good day,

Can smn help to solve ‘Running SQLMap on an HTTP Request’ module question - 'What’s the contents of table flag3? (Case #3)"

Maybe you can give some tips


So, I wasn’t able to get it with sqlmap. What I was able to do was perform sqlinjection via Burp. See what you can do by modifying the cookie.

I am stuck here as well. Can someone please help me? PM?

try to run sqlmap with --cookie, --dbs flags. You will get some info and can go further, investigate which flags you can use to seen db content.

Anyone else struggling with this, remember the hint from the first question: Use options “–batch --dump” to automatically dump all data.
This was a deal breaker for me :slight_smile:

sqlmap -u ‘http://your ip/case3.php’ --cookie=“id=1*” --dump