In this section, we are going to explore the following SQL injection vulnerabilities and exploitation techniques:
- Discovering SQL injections with GET
- Reading database information
- Finding database tables
- Extracting sensitive data such as passwords

To start discovering SQL injections with GET, use the following instructions:
- Power on the OWASP BWA virtual machine. After a few minutes, the virtual machine will provide you with its IP address.
- Switch to your Kali Linux (attacker) machine, open its web browser, and enter the IP address of the OWASP BWA virtual machine.
- Click on the bWAPP application as shown here:
![](https://static.packt-cdn.com/products/9781789611809/graphics/assets/4dc69b92-0578-4865-a8c4-ed1fe4953881.png)
- Use `bee` as the username and `bug` as the password to log in to the application. Then click login:
![](https://static.packt-cdn.com/products/9781789611809/graphics/assets/25357337-5c86-4788-9715-1c418deaeba8.png)
- Select the SQL Injection (Search/GET) option as shown here and click Hack to continue:
![](https://static.packt-cdn.com/products/9781789611809/graphics/assets/367d8a9e-363e-4285-b6a8-026ae4861c92.png)
- A search box and...