HackEDU has replicated a SQL injection vulnerability in Grab.com that was found through HackerOne’s bug bounty program. Try this lesson to learn more about SQL injection and how this vulnerability can be exploited to steal database information. You will create a SQL injection attack using sqlmap that steals data from a wordpress database.
Grip, much like Grab.com, is a taxi app. This is a wordpress website that relies on plugins for the functionality. One of the wordpress plugins has a SQL injection vulnerability that will be exploited.
This sandbox comes with a linux system with sqlmap installed which you can use in your attack on the target. sqlmap is a tool to help automate and exploit SQL injection vulnerabilities.