Now, let's try to discover some SQL injections. We need to browse through our target and try to break each page. Whenever we see a textbox or a parameter on the form, such as page.php, then something is equal to something; try to inject stuff there, try to use a single quote, try to use an and, or the orderby statement to break the page and make it look different. For example, we will be using the Mutillidae vulnerable website from Metasploit. We are going to go into the Login/Register page first, as we can see in the following screenshot, and it will ask us to log in. Now, the site is registered with your name so you can just click on Please register here and register:

After registering, go to the login page. At the moment, ...