
Using SQLMap to Bypass CSRF Tokens

CSRF tokens (Cross-Site Request Forgery tokens) are meant to reject any request that doesn't carry a valid token, proving the request came from a page the site served you rather than from a script simply run against it.


You can get around this with sqlmap's --csrf-token="" flag. Here's how.


Let's dissect the command we're using:

sqlmap 'http://94.237.49.11:34681/case8.php' --data="id=1&t0ken=m3DBpK9unvL7fw6SEisgjf3GU2xjDcjq1dslI994" --csrf-token="t0ken" --dump

First, we call sqlmap with the URL we're interrogating. Next we give it the --data flag with the POST values we're interested in. In this case that's id=1, which we picked from the request header. You'll notice there's more after that id value in the data string, and this is where it gets interesting: the & concatenates the additional data the request needs onto the end.


What we're concatenating onto the data value is the name of the CSRF token and its current value. In this case we can see from the screenshot below, in #2, that the token's name is t0ken, so we supply that name, together with the token value we captured, in the data field as well.


We also want to tell sqlmap that we're using the CSRF-token bypass option by passing that flag too (--csrf-token=""), with the token's name as its value.
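To see why a rotating token doesn't stop this, here is an added Python sketch (not code from this post, and not what case8.php actually contains) of a case8.php-style handler: it issues a single-use t0ken the way the target does, refuses a reused token (the reason sqlmap has to fetch a fresh one), and then shows the same token check passing in front of both a string-concatenated query and a parameterized one. The table, rows and session store are constructed for the example.

```python
import secrets
import sqlite3

# Constructed stand-in for the case8.php back end: a small items table and an
# in-memory session store holding the anti-CSRF token issued to the client.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE items (id INTEGER, name TEXT)")
db.executemany("INSERT INTO items VALUES (?, ?)",
               [(1, "alpha"), (2, "beta"), (3, "gamma")])
session = {}


def issue_token():
    """Serve the form: mint a fresh token named t0ken (the name seen on the page)."""
    session["t0ken"] = secrets.token_urlsafe(30)
    return session["t0ken"]


def check_token(form):
    """Reject a POST whose t0ken is missing, stale or does not match the one issued."""
    expected = session.pop("t0ken", None)  # single use: the token rotates per request
    return expected is not None and secrets.compare_digest(form.get("t0ken", ""), expected)


def handle_vulnerable(form):
    """Token check passes, but id is concatenated into SQL, so injection still works."""
    if not check_token(form):
        return "forbidden"
    rows = db.execute("SELECT name FROM items WHERE id=" + form["id"]).fetchall()
    return [name for (name,) in rows]


def handle_hardened(form):
    """Same token check, but id is bound as a parameter, so a tautology payload matches nothing."""
    if not check_token(form):
        return "forbidden"
    rows = db.execute("SELECT name FROM items WHERE id=?", (form["id"],)).fetchall()
    return [name for (name,) in rows]
```

The anti-CSRF token only proves the client fetched the form first; it says nothing about what is inside id, which is why the fix belongs in the query, not in the token.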




©2022 by AlderN00b. Proudly created with Wix.com
