How to Insert data into a table with sqlmap using its sql-query command

Most databases do not allow you to just insert data using SQL Injection (Unless of course you are already in an insert query and even then you usually can't control the table name). You can't simply stack queries, that is only allowed in Microsoft SQL Server, PostgreSQL and comic books. You can use a sub-select or union select to access data from another table, and SQLMap is doing this behind the scenes.

SQLMap's real strength is in data exfiltration. If you want something more complex, like a multi-staged attack that gives you a shell, then you need to write an exploit. Take off the training wheels and be man (or woman).

you can take a shell by --sql-shell option. For example in Kali:

sqlmap -u TARGET -D DBNAME --sql-shell

However,

some web application technologies do not support stacked queries on specic database management systems. For instance, PHP does not support stacked queries when the back-end DBMS is MySQL, but it does support when the back-end DBMS is PostgreSQL.

from sqlmap readme