Summary

In this chapter, we learned about SQL injection vulnerabilities, how to detect them, and how to exploit them. We can conclude with the following points:

  • SQL injection vulnerabilities occur due to a lack of input validation.
  • To identify a SQL injection bug, enter special characters to generate an error or unexpected behavior.
  • There are three main types of SQL injection: in-band, inferential or blind, and out-of-band.
  • You can use the Intruder and Comparer tools, included in Burp Suite, to automate SQL injection identification.
  • Using sqlmap, it is possible to automate SQL injection exploitation.
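
The first two points can be reproduced against a throwaway in-memory database when testing your own code. This is an added example, not code from the book; the table, function names and probe strings are constructed, and the parameterized lookup is included for contrast as an assumption about the fix.

```python
import sqlite3

def make_db():
    # Constructed sample data; lives only in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def lookup_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened: the input is bound as a value and never parsed as SQL.
    return db.execute("SELECT id, name FROM users WHERE name = ?",
                      (name,)).fetchall()

# Constructed probe suffixes: one to provoke an error, one to change the logic.
MARKERS = ["'", "' OR '1'='1"]

def probe(lookup, db, baseline="alice"):
    """Append each marker to a known-good value and classify the reaction."""
    results = {}
    for marker in MARKERS:
        try:
            rows = lookup(db, baseline + marker)
        except sqlite3.Error as exc:
            # A database error caused by user input is the first warning sign.
            results[marker] = "error:" + type(exc).__name__
            continue
        # No stored name equals baseline+marker, so any row is unexpected.
        results[marker] = "unexpected rows" if rows else "clean"
    return results

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, probe(fn, db))
    # A legitimate name containing a quote only works with bound parameters.
    print(lookup_param(db, "o'brien"))
```
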