In this chapter we will cover the following topics:

• Looking for file inclusions
• Abusing file inclusions and uploads
• Manually identifying SQL injection
• Step-by-step error-based SQL injection
• Identifying and exploiting blind SQL injections
• Finding and exploiting SQL injections with SQLMap
• Exploiting an XML External Entity injection
• Detecting and exploiting command injection vulnerabilities