Finding and exploiting SQL Injections with SQLMap

As seen in the previous recipe, exploiting SQL Injections may be an industrious process. SQLMap is a command-line tool, included in Kali Linux, which can help us in the automation of detecting and exploiting SQL Injections with multiple techniques and in a wide variety of databases.

In this recipe, we will use SQLMap to detect and exploit an SQL Injection vulnerability and will obtain usernames and passwords of an application with it.

How to do it...

  1. Go to http://192.168.56.102/mutillidae.
  2. In Mutillidae's menu, navigate to OWASP Top 10 | A1 – SQL Injection | SQLi Extract Data | User Info.
  3. Try any username and password, for example user and password and then click on View Account Details.
  4. The login ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial