Links:watch the HD video online: http://vimeo.com/f4l13n5now/sqli-ruxcon
This is Ruxcon WEB Pen Testing Training website (used to practise SQL injection) provided by Louis.
Backtrack 5 R2
Photoblog (training website)
vulnerability & exploit:
MySQL based SQL injection
1, discover the vulnerable services:
use NMAP to probe the opening ports and detect services
nmap -sS -sV -O 192.168.1.56 -v
found the following services:
 MySQL database service running on port 3306
 HTTP web service running on port 80
2, browes the website and detect the injection point
 the potential vulerable URL: http://192.168.1.56/cat.php?id=1
3, test the potential injection point if it has vulerability
 numberic based SQL injection test:
try apply the following two URL and check the different response.
URL one "http://192.168.1.56/cat.php?id=1 and 1=2" (response nothing)
URL two "http://192.168.1.56/cat.php?id=1 and 1=1" (response the normal page)
the test above shows that here is vunerable SQL injection point.
4, exploit the injection point and finally got admin.