A vulnerable web app that I have been enjoying recently is bWAPP. You should definitely check it out if you haven’t already.
I came across bWAPP as I have been wanting to get better at testing injection flaws, specifically SQL, XML, SSI and general command injection. In the process of doing so, I learned about a pretty neat way to conduct SQLi attacks by tampering with the User-Agent HTTP Header.
bWAPP has a vulnerable application which logs the IP address and User-Agent of visitors into a MySQL database. As the User-Agent string is not sanitized by the application, we can manipulate the value of string and replace it with malicious SQL statements.
Thanks for reading!