Tip on Attack Tuning - Case 6

For anyone who is struggling with this question.

As I went through this module, it really felt like it assumed some experience with SQLi and even different DBMSs, a topic that is IMO unintuitive to beginners. I don’t recall if the description addresses this or recommends a beginner SQLi module as a precursor.

Nonetheless, for this particular question, the hint (Use the prefix ‘`)’) can be a little deceiving but it’s definitely where the answer lies. I will tell you now, you won’t need --suffix, --level, or --risk for this one. What you do need is to understand the following:

  1. The key is in the use of the backtick (`). This is because there’s a difference between what different DBMSs use to delimit string literals (single or double quotes) and identifiers (backticks, double quotes, or square brackets) such as tables, dbs, and columns.
  2. The problem is that with what we’re given so far in this module, sqlmap is unable to find out what the back-end DBMS is: [INFO] the back-end DBMS is MySQL.
  3. If you notice that the hint uses a backtick next to the parenthesis, and that it will follow the column identifier ‘id’, then it’s immediately obvious that the issue lies in syntax.
  4. Thus, in a similar, closer-to-real scenario where this hint isn’t given, if you can’t immediately fingerprint the DBMS that is being used in the backend, perhaps you’d have to try the different syntax options used by different DBMSs. That is, unless there’s a better, more obvious way that I’m oblivious to.
  5. Here are the common identifier delimiters for different DBMSs:

MySQL - Backticks
PostgreSQL/Oracle/SQLite - Double Quotes
SQL Server - Square Brackets

Hope this helps any fellow strugglers.
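
The identifier/literal distinction in the post, seen from the defending side: an added example (not part of the original post) of dialect-aware identifier quoting, where an embedded closing delimiter such as the backtick in the hint stays inside one identifier token. The function names, the `users` table and its data are constructed for illustration; the doubling rule and the Oracle restriction are standard dialect behaviour, not something the post states.

```python
import sqlite3

# Identifier delimiters per DBMS, as listed in the post above.
IDENT_DELIMS = {
    "mysql": ("`", "`"),
    "postgresql": ('"', '"'),
    "oracle": ('"', '"'),
    "sqlite": ('"', '"'),
    "sqlserver": ("[", "]"),
}

def quote_identifier(name: str, dbms: str) -> str:
    """Wrap name in the DBMS's identifier delimiters, neutralising any
    embedded closing delimiter so the name stays one identifier token."""
    open_d, close_d = IDENT_DELIMS[dbms]
    if not name or "\x00" in name:
        raise ValueError("empty identifier or NUL byte")
    if dbms == "oracle" and '"' in name:
        # Oracle quoted identifiers cannot contain a double quote at all.
        raise ValueError("double quote not allowed in Oracle identifiers")
    # The other dialects escape the closing delimiter by doubling it.
    return open_d + name.replace(close_d, close_d * 2) + close_d

def fetch_value(conn, column: str, row_id: int, allowed: set):
    """Identifier comes from an allow-list and is quoted; the value is bound."""
    if column not in allowed:
        raise ValueError(f"column not allowed: {column!r}")
    sql = f"SELECT {quote_identifier(column, 'sqlite')} FROM users WHERE id = ?"
    return conn.execute(sql, (row_id,)).fetchone()[0]

def demo():
    # Constructed sample data: in-memory table whose column name contains a quote.
    conn = sqlite3.connect(":memory:")
    odd = 'nick"name'
    conn.execute(
        f"CREATE TABLE users (id INTEGER, {quote_identifier(odd, 'sqlite')} TEXT)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return fetch_value(conn, odd, 1, {"id", odd})

if __name__ == "__main__":
    print(quote_identifier("id`)", "mysql"))
    print(demo())
```

Identifiers cannot be sent as bound parameters, which is why they need the allow-list plus quoting while the `id` value uses a `?` placeholder.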