Identifying error-based SQL injection
Injection flaws are the number one kind of vulnerability in the OWASP Top 10 list from 2013; they include, among others, the one that we will test in this recipe: SQL Injection (SQLi).
Most modern web applications use some kind of database, be it local or remote, and SQL is the most popular language for querying them. In a SQLi attack, the attacker seeks to abuse the communication between the application and the database by injecting SQL commands into form inputs, or into any other request parameter that the server uses to build a SQL statement, so that the application sends altered queries.
In this recipe, we will test the inputs of a web application to see if it is vulnerable to SQL Injection.
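The following added example (not code from the book or from DVWA) shows why a database error is the signal this kind of test looks for: the same lookup is built once by string concatenation and once with a bound parameter, and each is given a normal value and a value ending in a lone quote. It assumes Python's sqlite3 as a stand-in for the application's database; the table, column and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory SQLite database stands in
    # for the application's real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "admin", "admin"), ("2", "Gordon", "Brown")])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable pattern: the input becomes part of the SQL text itself.
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_id + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened pattern: the input is bound as data and never parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def probe(lookup, db, value):
    """Run one lookup and report ('rows', data) or ('db_error', message)."""
    try:
        return ("rows", lookup(db, value))
    except sqlite3.Error as exc:
        return ("db_error", str(exc))

def classify(lookup, db):
    # A normal value that returns rows, plus a lone quote that makes the
    # database reject the statement, means the input reaches the SQL parser.
    baseline = probe(lookup, db, "1")
    quoted = probe(lookup, db, "1'")
    if baseline[0] == "rows" and quoted[0] == "db_error":
        return "input alters the SQL statement"
    return "no error-based indication"

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "->", classify(fn, db),
              "| quote probe:", probe(fn, db, "1'"))
```

With the parameterized lookup, the quoted value is simply a user ID that matches nothing, so the application returns an empty result instead of a database error.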
How to do it...
Log into DVWA and then perform the following steps:
1. Go to SQL Injection.
2. Similar to the previous recipe, let's test the normal behavior of the application by entering a number. Set User ID as 1 and click on Submit.
By interpreting the result, we can say that the application...