I am new to SQLMAP
, I have been practicing with the Altoro Mutual portal which is a vulnerable portal, just enter the code 'OR 1 = 1 -
in one of its forms (Login) and we will obtain administrator access to the portal.
sqlmap -u "https://demo.testfire.net/login.jsp" --data="uid=u&passw=p&btnSubmit=Login" --random-agent --cookie="JSESSIONID=154E7E124BE018261F6146682657A5EF" -method POST
As you can see, I define a cookie to facilitate access and enter the data sent by the form uid = u & passw = p & btnSubmit = Login
. This information was obtained using BurpSuite.
At the end of the execution, sqlmap reports that no fields are injectable:
What am I doing wrong?