I am testing my own Flask application that should be vulnerable.
I am using this in sqlmap:
sqlmap -u "https://test.heroku.com/checkusername/student*"
but the requests with payloads I am receiving contain student+payload. I think it's not working for this reason.
I tried
sqlmap -u "https://test.heroku.com/checkusername/*"
but got 404 and the test ended.
Do you know how to deal with this?
Example of a request I got:
GET /loggin/student%20AND%202788%3D%28SELECT%20%28CASE%20WHEN%20%282788%3D2788%29%20THEN%202788%20ELSE%20%28SELECT%209168%20UNION%20SELECT%209538%29%20END%29%29--%20lGfn