This chapter covered different ways in which we can utilize SQLMap to exploit the SQL injection flaws. SQL injection is a critical issue from a security standpoint and most breaches and data leaks we see today are as a result of this. For additional reading I'd like to suggest a book called SQL Injection Attacks and Defense by Justin Clarke and a comprehensive video series by Audi-1 himself, available at http://www.securitytube.net/user/Audi.

SQLMap has some awesome switches like --levels and --risks which can be looked up; these provide SQLMap additional tests to perform while looking for injection points; some switches are more elite, like the --os-pwn which grants an immediate Meterpreter shell of Metasploit. Please do read their official ...