Finding and exploiting SQL Injections with SQLMap
As seen in the previous recipe, exploiting SQL Injections may be an industrious process. SQLMap is a command-line tool, included in Kali Linux, which can help us in the automation of detecting and exploiting SQL Injections with multiple techniques and in a wide variety of databases.
In this recipe, we will use SQLMap to detect and exploit an SQL Injection vulnerability and will obtain usernames and passwords of an application with it.
How to do it...
- Go to
- In Mutillidae's menu, navigate to OWASP Top 10 | A1 – SQL Injection | SQLi Extract Data | User Info.
- Try any username and password, for example
passwordand then click on View Account Details.
- The login ...