SQL Injection can be found anywhere in the application, for example, on the login page, GET,POST parameters, behind authentication, and sometimes even on cookies themselves. Using sqlmap is not very different from how we have used it in the previous recipe, but the intention of this recipe is to help you understand how sqlmap can also be used to exploit SQL Injections on pages accessible only after authentication.

In this recipe, we will look at how we can use sqlmap to exploit SQL Injections on authenticated pages. Using the -r switch allows sqlmap to use cookies within the request while checking for URL, whether they are accessible or not. Since sqlmap can process cookies from the ...