I used ZAP proxy to determine that login was injectable with GET request as login" AND "1"="1 was injectable, but it returned the url to me in this format:
https://example.com/login%22%20AND%20%221%22=%221
I have checked, and it is injectable at that point, but I don't know what parameters to use to exploit it. My current setup, with redirects disabled (not shown), is not working. Here is the setup:
sqlmap -u "https://example.com/login%22%20AND%20%221%22=%221" --level=5 --risk=3 --fingerprint --common-tables --dbs --all --common-columns --technique=BEUSTQ --keep-alive --dependencies --hex --timeout=120 --time-sec=10
For some reason, even with between disabled, sqlmap is changing
login" AND "1"="1
to #1*