Skip to content
This repository

SQLI labs to test error based, Blind boolean based, Time based.

branch: master
Octocat-spinner-32 Less-1 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-10 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-11 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-12 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-13 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-14 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-15 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-16 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-17 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-18 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-19 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-2 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-20 Fixing the regex for Less-29,30,31 and adding login.php and hacked.php December 03, 2012
Octocat-spinner-32 Less-21 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-22 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-23 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-24 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-25 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-25a Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-26 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-26a Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-27 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-27a Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-28 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-28a Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-29 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-3 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-30 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-31 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-32 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-33 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-34 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-35 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-36 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-37 Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 Less-38 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-39 Adding new lessons on stacked queries May 25, 2013
Octocat-spinner-32 Less-4 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-40 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-41 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-42 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-43 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-44 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-45 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45 May 27, 2013
Octocat-spinner-32 Less-46 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-47 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-48 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-49 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-5 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-50 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-51 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-52 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-53 Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 Less-6 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-7 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-8 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 Less-9 Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 images Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 index-1.html_files Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 index-2.html_files Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 index.html_files Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
Octocat-spinner-32 sql-connections Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 SQL Injections-1.mm Adding modules 36,37 on mysql_real_escape_string bypass May 03, 2013
Octocat-spinner-32 SQL Injections-2.mm Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 SQL Injections.mm Commit for adding Less-20,21,22,23 August 25, 2012
Octocat-spinner-32 SQL Injections.png Commit for adding Less-20,21,22,23 August 25, 2012
Octocat-spinner-32 index-1.html Fixing and adding 3rd index page November 10, 2013
Octocat-spinner-32 index-2.html Adding Less46,47,48,49,50,51,52,53 November 17, 2013
Octocat-spinner-32 index.html Fixing and adding 3rd index page November 10, 2013
Octocat-spinner-32 readme.md Updating the readme.md file November 11, 2013
Octocat-spinner-32 readme.txt Adding container for Less-25 and adjusting readme.txt October 28, 2012
Octocat-spinner-32 sql-lab.sql Commit for adding Less-20,21,22,23 August 25, 2012
Octocat-spinner-32 tomcat-files.zip Adding chapter 32,33,34,35 and fixing and adjusting database backend … May 01, 2013
readme.md

README

SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:

  1. Error Based Injections (Union Select)
    1. String
    2. Intiger
  2. Error Based Injections (Double Injection Based)

  3. BLIND Injections: 1.Boolian Based 2.Time Based

  4. Update Query Injection.
  5. Insert Query Injections.
  6. Header Injections. 1.Referer based. 2.UserAgent based. 3.Cookie based.
  7. Second Order Injections
  8. Bypassing WAF
    1. Bypassing Blacklist filters Stripping comments Stripping OR & AND Stripping SPACES and COMMENTS Stripping UNION & SELECT
    2. Impidence mismatch
  9. Bypass addslashes()
  10. Bypassing mysql_real_escape_string. (under special conditions)
  11. Stacked SQL injections.
  12. Secondary channel extraction

Install Instructions:

  1. Unzip the contents inside the apache folder, for example under /var/www
  2. This will create a folder sql-labs under it. else you can use git command from within /var/www folder. /var/www folder and then use following command> git clone https://github.com/Audi-1/sqli-labs.git sqli-labs
  3. Open the file "db-creds.inc" which is under sql-connections folder inside the sql-labs folder.
  4. Update your MYSQL database username and password.(default for Backtrack are used root:toor)
  5. From your browser access the sql-labs folder to load index.html
  6. Click on the link setup/resetDB to create database, create tables and populate Data.
  7. Labs ready to be used, click on lesson number to open the lesson page.
  8. Enjoy the labs

Corrosponding walkthrough video tutorials and explainations can be found at:

  1. http://dummy2dummies.blogspot.com
  2. http://www.securitytube.net/user/Audi

you can also find the read along book at https://leanpub.com/SQLI-LABS, work is under process.

Something went wrong with that request. Please try again.