[ sqli ]

For sqli you can either do it manually or with a tool. Now to do it manually you can use a dorks or like I said before if you aren't lazy then you can find one without.

Testing the site to see if it's vuln you can add ' now you will get a sql error if vuln, if it doesn't do that that doesn't mean it's not vuln. It just mean the site has better security for the sqli you could try entering ' OR * in login page if it's vuln it would give you an sql error if vuln now that you tested it you can find columns, etc instead of putting SELECT * "want you want".

You could just use dorks on the site since you've know found out that it's vuln to sqli and can put something like:

inurl:"target site"
inurl:admin SELECT * "what you want"
inurl:”.php?id=” intext:”Buy Now”
inurl:”.php?id=” intext:”shopping”
it would take you straight to the database.

Using sqlmap. Pretty straight forward, once youve found the parameters you type in: python sqlmap.py -u somesite.com/index.php?id=1 --random-agent --threads=10 --tables --columns. There are lots of various commandands you can use, but that one works fine on most sites.

sqli tutorial eBook