Summary
To recap, in this chapter we saw that SQL can be exploited to inject malicious code by using specific constructs and symbols. Some of these can be particularly useful for gathering information, but also for gaining privileged access to applications and to the databases themselves.
We also saw that the concept of injection in database systems not only involves SQL databases but also some non-relational ones, for which we've seen some examples.
The next chapter will be the first one of the practical section, and will focus on the setup of the same virtual environment we have seen in the examples involving Mutillidae II and Vicnum (by querying the information_schema database, you probably noticed the presence of various applications, including the vulnerable WordPress version we saw earlier). While the practical examples shown in this chapter served only an explanatory role, the second part of this book is instead intended to have a more practical approach and is presented...