Chapter 5. Exploiting SQL Injection
In this chapter, we're going to learn different ways to exploit the popular vulnerability known as SQL injection, which I believe most readers are familiar with. An SQL injection flaw allows an attacker to inject into or tamper with certain parts of a database query in a web application in order to perform attacker-specified operations such as exfiltrating data, writing files to the database server, or even achieving server-side code execution.
I am going to cover this section mainly through an industry-grade tool that exploits SQL injection flaws; the tool is called SQLMap. SQLMap is a powerful and versatile open source tool written by Bernardo and Miroslav to dynamically detect and exploit SQL injection issues. The tool supports the following underlying DBMS software used in various web applications: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB. The...