I'm using SQLMap for test SQL Injections on a login form, when the server validates credentials it returns an HTTP 200 Status Code and in the response body: {"code":1} (on valid credentials) or {"code":0} (on invalid credentials).
Since the status code is always 200 I need SQLMap to look for that string in the body, I found the following parameter:
--string=STRING String to match when query is evaluated to True)
I'm using it like this:
sqlmap -u https://example.com/login --method="POST" --data "user=1&password=2" --text-only --string='{"code":0}' -v 6
But when SQLMap receives {"code":1} from the server just ignores it instead of detecting it as a successful injection.
Is there something I'm doing wrong or any ideas of how can I match that string in the response?
Here is the full server response:
HTTP/1.1 200 OK
Server: Apache/2.4.25 (Debian)
Content-Length: 15
Connection: close
Content-Type: text/html; charset=UTF-8
{"code":0}
Thanks in advance.
