Using sqlmap to find SQL Injection on the login page