Skip to content
/ sqli-labs Public
forked from Audi-1/sqli-labs

SQLI labs to test error based, Blind boolean based, Time based.

1 star 1.5k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gwuniversity/sqli-labs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
Less-1
Less-1
 
 
Less-10
Less-10
 
 
Less-11
Less-11
 
 
Less-12
Less-12
 
 
Less-13
Less-13
 
 
Less-14
Less-14
 
 
Less-15
Less-15
 
 
Less-16
Less-16
 
 
Less-17
Less-17
 
 
Less-18
Less-18
 
 
Less-19
Less-19
 
 
Less-2
Less-2
 
 
Less-20
Less-20
 
 
Less-21
Less-21
 
 
Less-22
Less-22
 
 
Less-23
Less-23
 
 
Less-24
Less-24
 
 
Less-25
Less-25
 
 
Less-25a
Less-25a
 
 
Less-26
Less-26
 
 
Less-26a
Less-26a
 
 
Less-27
Less-27
 
 
Less-27a
Less-27a
 
 
Less-28
Less-28
 
 
Less-28a
Less-28a
 
 
Less-29
Less-29
 
 
Less-3
Less-3
 
 
Less-30
Less-30
 
 
Less-31
Less-31
 
 
Less-32
Less-32
 
 
Less-33
Less-33
 
 
Less-34
Less-34
 
 
Less-35
Less-35
 
 
Less-36
Less-36
 
 
Less-37
Less-37
 
 
Less-38
Less-38
 
 
Less-39
Less-39
 
 
Less-4
Less-4
 
 
Less-40
Less-40
 
 
Less-41
Less-41
 
 
Less-42
Less-42
 
 
Less-43
Less-43
 
 
Less-44
Less-44
 
 
Less-45
Less-45
 
 
Less-46
Less-46
 
 
Less-47
Less-47
 
 
Less-48
Less-48
 
 
Less-49
Less-49
 
 
Less-5
Less-5
 
 
Less-50
Less-50
 
 
Less-51
Less-51
 
 
Less-52
Less-52
 
 
Less-53
Less-53
 
 
Less-54
Less-54
 
 
Less-55
Less-55
 
 
Less-56
Less-56
 
 
Less-57
Less-57
 
 
Less-58
Less-58
 
 
Less-59
Less-59
 
 
Less-6
Less-6
 
 
Less-60
Less-60
 
 
Less-61
Less-61
 
 
Less-62
Less-62
 
 
Less-63
Less-63
 
 
Less-64
Less-64
 
 
Less-65
Less-65
 
 
Less-7
Less-7
 
 
Less-8
Less-8
 
 
Less-9
Less-9
 
 
images
images
 
 
index-1.html_files
index-1.html_files
 
 
index-2.html_files
index-2.html_files
 
 
index-3.html_files
index-3.html_files
 
 
index.html_files
index.html_files
 
 
sql-connections
sql-connections
 
 
SQL Injections-1.mm
SQL Injections-1.mm
 
 
SQL Injections-2.mm
SQL Injections-2.mm
 
 
SQL Injections-3.mm
SQL Injections-3.mm
 
 
SQL Injections.mm
SQL Injections.mm
 
 
SQL Injections.png
SQL Injections.png
 
 
index-1.html
index-1.html
 
 
index-2.html
index-2.html
 
 
index-3.html
index-3.html
 
 
index.html
index.html
 
 
readme.md
readme.md
 
 
readme.md~
readme.md~
 
 
readme.txt
readme.txt
 
 
readme.txt~
readme.txt~
 
 
sql-lab.sql
sql-lab.sql
 
 
tomcat-files.zip
tomcat-files.zip
 
 

Repository files navigation

README

SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:

  1. Error Based Injections (Union Select)

    1. String
    2. Intiger

  2. Error Based Injections (Double Injection Based)

  3. BLIND Injections: 1.Boolian Based 2.Time Based

  4. Update Query Injection.

  5. Insert Query Injections.

  6. Header Injections. 1.Referer based. 2.UserAgent based. 3.Cookie based.

  7. Second Order Injections

  8. Bypassing WAF

    1. Bypassing Blacklist filters Stripping comments Stripping OR & AND Stripping SPACES and COMMENTS Stripping UNION & SELECT
    2. Impidence mismatch

  9. Bypass addslashes()

  10. Bypassing mysql_real_escape_string. (under special conditions)

  11. Stacked SQL injections.

  12. Secondary channel extraction

======================================================================================== Install Instructions:

  1. Unzip the contents inside the apache folder, for example under /var/www
  2. This will create a folder sql-labs under it. else you can use git command from within /var/www folder. /var/www folder and then use following command> git clone https://github.com/Audi-1/sqli-labs.git sqli-labs
  3. Open the file "db-creds.inc" which is under sql-connections folder inside the sql-labs folder.
  4. Update your MYSQL database username and password.(default for Backtrack are used root:toor)
  5. From your browser access the sql-labs folder to load index.html
  6. Click on the link setup/resetDB to create database, create tables and populate Data.
  7. Labs ready to be used, click on lesson number to open the lesson page.
  8. Enjoy the labs

==========================================================================================

Corrosponding walkthrough video tutorials and explainations can be found at:

  1. http://dummy2dummies.blogspot.com
  2. http://www.securitytube.net/user/Audi
  3. https://www.facebook.com/sqlilabs

you can also find the read along book at https://leanpub.com/SQLI-LABS, work is under process.

==========================================================================================

Challenge Section added: Less-54 to Less - 61 special challenge lessons added to repository for testing skills learnt from the other Lab lessons.

==========================================================================================

About

SQLI labs to test error based, Blind boolean based, Time based.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 81.9%
  • HTML 9.6%
  • JavaScript 3.6%
  • CSS 3.1%
  • Hack 1.8%