SQLMAP module case 8

I am really stuck here and can’t find a way to get the flag.
I tried a lot like : sqlmap -u “” --data=“id=1&t0ken=tl6lgGmtEKbJoztg6KLezWq4aVzWknanJ6mUiY8bc” --csrf-token=“t0ken” --batch --dump

$ sqlmap -u “” --data=“id=1&csrf-t0ken=pNo7gIWxKP3vtFjmFJ2zQW0uA0yrKCRy1tE1VHU” --csrf-token=“t0ken” --csrf-url=‘’ --dump-all --batch

or other syntax but nothing works all I get is a “anti-CSRF token ‘t0ken’ can’t be found at ” error.
I tried token and t0ken too
Can you please help ?
Thank you

Hi mate,

You’re overstressing it.
Intercept the request with burpsuite as the “–data” flag can be tricky to handle and just handle the token correctly.
If you need any more help just dm me!


1 Like

You are right !
I can’t believe i worked !

Thank you sir !

1 Like