SQLMAP module case 8

Tehnomancer99 · October 7, 2022, 9:06am

Hello
I am really stuck here and can’t find a way to get the flag.
I tried a lot like : sqlmap -u “” --data=“id=1&t0ken=tl6lgGmtEKbJoztg6KLezWq4aVzWknanJ6mUiY8bc” --csrf-token=“t0ken” --batch --dump

OR
$ sqlmap -u “” --data=“id=1&csrf-t0ken=pNo7gIWxKP3vtFjmFJ2zQW0uA0yrKCRy1tE1VHU” --csrf-token=“t0ken” --csrf-url=‘’ --dump-all --batch

or other syntax but nothing works all I get is a “anti-CSRF token ‘t0ken’ can’t be found at ” error.
I tried token and t0ken too
Can you please help ?
Thank you

Vaniicx · October 7, 2022, 10:05am

Hi mate,

You’re overstressing it.
Intercept the request with burpsuite as the “–data” flag can be tricky to handle and just handle the token correctly.
If you need any more help just dm me!

Vx

Tehnomancer99 · October 7, 2022, 10:11am

You are right !
I can’t believe i worked !

Thank you sir !

Topic		Replies	Views
Bypassing Web Application Protections - SQLMAP ESSENTIALS Academy	5	2391	November 2, 2024
SQLMap Essentials HTB ACADEMY case 8 Academy	3	782	March 13, 2023
academy sqlmap essentials case:10 Programming sql-injection , sqlmap , academy-help	21	3665	November 13, 2024
SQLMap Essentials - Bypassing Web Application Protections: Case#11 Academy	4	733	October 18, 2024
SQLMap Essentials flag5 Incorrect Other sqlmap	6	1833	March 31, 2024

SQLMAP module case 8

Related topics