SQLi & Mapper

Injection attacks are intrusive: they are carried out with almost no visibility into the backend of a system, yet they are used to extract detailed information about it. In my experience of using tools like sqlmap, you are able to build queries that are processed as usual but have malicious intent.

sqlmap, in particular, performs injection attacks against the databases associated with your website or application. It can help identify which input sanitisation methods are needed to prevent attacks like this.

This type of tool is used during the vulnerability assessment and exploitation phases: it not only performs the attacks that get into a system by retrieving sensitive information, but also allows entry into a system through errors.