Good day,

Can smn help to solve ‘Running SQLMap on an HTTP Request’ module question - 'What’s the contents of table flag3? (Case #3)"

Maybe you can give some tips


So, I wasn’t able to get it with sqlmap. What I was able to do was perform sqlinjection via Burp. See what you can do by modifying the cookie.

I am stuck here as well. Can someone please help me? PM?

try to run sqlmap with --cookie, --dbs flags. You will get some info and can go further, investigate which flags you can use to seen db content.

1 Like

Anyone else struggling with this, remember the hint from the first question: Use options “–batch --dump” to automatically dump all data.
This was a deal breaker for me :slight_smile:


In case someone is still looking for the answer…

Since it’s asking us to test the cookie value,
sqlmap ‘url’ --cookie=‘id=1*’ --dump --batch