sqlmap is used in the HTB machine Vaccine
First let's get the help using
This will help us structure our sqlmap query
1. We need to provide the target URL
2. We need to provide the PHPSESSID session cookie
3. We need to add --os-shell to get a shell
The --os-shell option makes sqlmap prompt for an interactive operating system shell
With all that info we can now construct our query as follows:
sqlmap --url="http://10.129.247.166/dashboard.php?search=sandy" --cookie="PHPSESSID=530lii3ob5pbh3hii8rifld73o" --os-shell
Your IP and your PHPSESSID will be different from mine.
You will now be prompted to enter Y or N a couple of times. Just press enter for all.
We got the shell!
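
Seen from the web server, a run like the one above leaves a clear trail in the access log: many requests to the same search parameter carrying SQL syntax, by default with a User-Agent that starts with "sqlmap/". The following is an added example, not part of the original write-up, that flags such clients. The log lines, addresses, regexes and the min_hits threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not from a real server).
SAMPLE_LOG = """\
198.51.100.5 - - [01/Jan/2024:10:00:00 +0000] "GET /dashboard.php?search=sandy HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.5 - - [01/Jan/2024:10:00:02 +0000] "GET /dashboard.php?search=o%27brien HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dashboard.php?search=sandy%27%20AND%201%3D1--%20x HTTP/1.1" 200 2312 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /dashboard.php?search=sandy%27%20UNION%20ALL%20SELECT%20NULL--%20x HTTP/1.1" 200 2312 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dashboard.php?search=sandy%27%20AND%202%3D2--%20x HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.7 - - [01/Jan/2024:10:01:01 +0000] "GET /dashboard.php?search=sandy%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20x HTTP/1.1" 200 2312 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Client IP, request target and User-Agent from a combined-format line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Coarse SQL-syntax heuristic for a decoded parameter value (assumption, tune per app).
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|\b(and|or)\s+\d+\s*=\s*\d+|sleep\s*\(|'\s*(--|#)", re.I
)

def flag_clients(log_text, param="search", min_hits=2):
    """Return clients that sent the sqlmap User-Agent or >= min_hits SQL-like values."""
    findings = defaultdict(lambda: {"sqlmap_ua": False, "sqli_hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        rec = findings[m["ip"]]
        if "sqlmap" in m["ua"].lower():
            rec["sqlmap_ua"] = True  # default agent; absent if the client changed it
        # parse_qs percent-decodes the value, so the regex sees the real payload.
        values = parse_qs(urlsplit(m["target"]).query).get(param, [])
        if any(SQLI_RE.search(v) for v in values):
            rec["sqli_hits"] += 1
    return {ip: r for ip, r in findings.items()
            if r["sqlmap_ua"] or r["sqli_hits"] >= min_hits}

if __name__ == "__main__":
    for ip, rec in flag_clients(SAMPLE_LOG).items():
        print(ip, rec)
```

The User-Agent check alone is easy to evade, which is why the second client is caught only by the payload count. A search for a name like o'brien is not flagged.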