SQLMAP_Essential

Good day,

Can someone help to solve the ‘Running SQLMap on an HTTP Request’ module question - ‘What’s the contents of table flag3? (Case #3)’

Maybe you can give some tips.

Thanks

So, I wasn’t able to get it with sqlmap. What I was able to do was perform SQL injection via Burp. See what you can do by modifying the cookie.

I am stuck here as well. Can someone please help me? PM?

Try to run sqlmap with the --cookie and --dbs flags. You will get some info and can go further; investigate which flags you can use to see the db content.

1 Like

Anyone else struggling with this, remember the hint from the first question: Use options “--batch --dump” to automatically dump all data.
This was a deal breaker for me :)

2 Likes

In case someone is still looking for the answer…

Since it’s asking us to test the cookie value,
Command:
sqlmap 'url' --cookie='id=1*' --dump --batch

What does the ‘*’ next to the ‘id=1’ cookie parameter mean? I think I might have missed it.

I completely forgot the --dump --batch part. Got everything else right and was going nuts lol

It’s a special marker for POST parameters. You know the uid=1 but anything after that would need to be run through.

(Someone please correct me if I am wrong.)

1 Like