Automatically Finding SQL Injections

Learn how to automate the process of discovering possible SQL injections in a web application.

We'll cover the following...

Overview
The sqlmap tool
Damn Small SQLi Scanner (DSSS)

Overview

We’ve already discussed how to manually find areas that are susceptible to SQL injection. We’ve also discussed how to further probe those areas and then actually exploit them. Sometimes though, we just don’t have the time to manually go through all the possible areas on a web application and try out everything that comes to mind. This is where a pentester should adopt a systematic approach, and automated tools enter the stage. Some of the common tools are:

sqlmap
jSQL Injection
DSSS
Metasploit (ships with a number of scanners)
Nmap (queries a list of database vulnerabilities against

...

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

Automatically Finding SQL Injections

Overview