In this section, we are going to explore the following SQL injection vulnerabilities and exploitation techniques:
- Discovering SQL injections with GET
- Reading database information
- Finding database tables
- Extracting sensitive data such as passwords

To start discovering SQL injections with GET, follow these steps:
- Power on the OWASP BWA virtual machine. After a few minutes, the virtual machine will provide you with its IP address.
- On your Kali Linux (attacker) machine, open the web browser and enter the IP address of the OWASP BWA virtual machine.
- Click on the bWAPP application.
- Use bee for the username and bug as the password to log in to the ...