Finding SQL injection vulnerabilities in web applications

SQL injection vulnerabilities are caused by the lack of sanitation of user input, and they allow attackers to execute DBMS queries that could compromise the entire system. This type of web vulnerability is very common, and because each script variable must be tested, checking for such vulnerabilities can be a very tedious task. Fortunately, we can use Nmap to quickly scan a web server looking for vulnerable files for SQL injection.

This recipe shows how to find SQL injection vulnerabilities in web applications with Nmap NSE.

How to do it...

To scan a web server looking for files vulnerable to SQL injection by using Nmap, use the following command:

$ nmap -p80 --script http-sql-injection <target> ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.