In this section, we are going to learn about a tool called sqlmap, which allows us to do everything we've learned so far and even more. This tool can be used against MySQL databases, which is the one that we used in our examples. It can also be used against Microsoft SQL, Oracle, and other databases. The tool is very useful; sometimes the injections aren't as nice as the ones we've seen, and sometimes we only get one output for each record and we have to loop through all the output. The tool can automate that and just do everything for us, which is much easier and much simpler.

This is the URL that we were using for the injection; http://10.20.14.204/mutillidae/index.php?page=user-info.php&password=aaa&user-info-php-submit-button=View+Account+Details ...