In pentest 3.0, vulnOS 2, how he knows that vulnerable parameter is odm_usr
Ideally, you would check all the tables inside the database. In this case, we do see username and password in the odb_user table and that’s why the vulnerable parameter is odm_user. You can read the walkthroughs listed on several websites to see how they figure it out. One such is - https://infosecwriteups.com/vulnhub-vulnos-2-walkthrough-7ca0b9db013f
He said that vulnerable parameter is odm_usr in BURPSUITE, How he finds that odm_usr is vulnerable in burpsuite
You have to check the tables in the databases to find which one is the vulnerable parameter. Most of the time these types of demos will include some part that the instructor knows already but does not explain in detail so that the people can try to figure it out.