I was running a SQLInjection with sqlmap. My page has an error of sql but the error shows up once you logged in your account(Example: page.com/login.php and when you log you go to page.com/index.php?id=1 and here the sql error is evident). When i run sqlmap on page.com/index.php?id=1 the page redirects the sqlmap to page.com/login.php.It's possible to provide sqlmap a user and a password to make sqlmap log in the account and then perform the SQLInjection? Thank you for your time
You can use cookie parameter with sqlmap. First, log into your account and learn your cookie information then you can use --cookie
parameter. For example when login my account, my cookie is PHPSESSIONID=ajksdgadhakjsdhak
. After that, you could do just like command below in your terminal.
sqlmap.py --url http://page.com/index.php?id=1 --cookie='PHPSESSIONID=ajksdgadhakjsdhak' --dbs