Summary
So, here we are at the end of this long and practical chapter. We've explored many different scenarios, applications, and attacks that are made possible by exploiting vulnerable application components that interact with SQL databases.
Mutillidae II gave us a glimpse of the basic attacks that can occur through SQL injection. Additionally, the Magical Code Injection Rainbow provided us with some challenges, sometimes with twists, to wrap our heads around (which you could solve by applying what you've learned so far). Finally, Peruggia helped us to apply our knowledge to a pseudo-realistic environment.
After dealing with manual SQL injection attacks, we learned what is possible using common software tools to automate SQL injection, both for scanning and attacking. We saw this with the Spider, Scan, and Fuzz modules of OWASP ZAP, and with sqlmap. We showed how manual intervention can be reduced significantly, improving efficiency for attackers and security testers alike...