SQL injection vulnerabilities and exploitation

In this section, we are going to explore the following SQL injection vulnerabilities and exploitation techniques:

  • Discovering SQL injections with GET
  • Reading database information
  • Finding database tables
  • Extracting sensitive data such as passwords

To start discovering SQL injections with GET, use the following instructions:

  1. Power on the OWASP BWA virtual machine. After a few minutes, the virtual machine will provide you with its IP address.
  2. Head on over to your Kali Linux (attacker) machine and enter the IP address of the OWASP BWA virtual machine in the web browser of Kali Linux.
  3. Click on the bWAPP application.
  4. Use bee for the username and bug as the password to log in to the ...
