There are occurrences in which the SQL injection is discovered inside a portal in the post login phase, after the username and password values have been supplied. The majority of the web applications handle these kinds of authorization through HTTP cookies and we can supply SQLMap with an HTTP cookie of the authorized login in order to successfully bypass the login, and exploit the SQL injection. Let's try to understand this with an example.

There's an administrative portal at http://admin.example.com and this asks for a login for a particular user. After the user is logged in, the portal provides different facilities such as employee payroll management and so on, and you discover an SQL injection inside ...