Finding SQL injection vulnerabilities
SQL injection vulnerabilities are caused by the lack of sanitation of user input, and they allow attackers to execute DBMS queries that could compromise the entire system. This type of web vulnerability is very common, and because each script variable must be tested, checking for such vulnerabilities can be a very tedious task. Fortunately, we can use Nmap to quickly scan a web server looking for SQL injection vulnerabilities.
This recipe shows how to find SQL injection vulnerabilities in web applications with Nmap NSE.
How to do it...
To find SQL injection vulnerabilities in web servers with Nmap, use the following command:
$ nmap -p80 --script http-sql-injection <target>
All vulnerable files will be shown with the payload used:
  PORT STATE SERVICE   80/tcp open http syn-ack   | http-sql-injection:   | Possible sqli for queries:   |_ http://xxx/index.php?param=13'%20OR%20sqlspider
How it works...
The script http-sql-injection.nse
...