Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
SQLI labs to test error based, Blind boolean based, Time based.
PHP Objective-C++ JavaScript CSS
branch: master
Failed to load latest commit information.
Less-1 Adding error_reporting till lesson 20
Less-10 Adding error_reporting till lesson 20
Less-11 Adding error_reporting till lesson 20
Less-12 Adding error_reporting till lesson 20
Less-13 Adding error_reporting till lesson 20
Less-14 Adding error_reporting till lesson 20
Less-15 Adding error_reporting till lesson 20
Less-16 Adding error_reporting till lesson 20
Less-17 Adding error_reporting till lesson 20
Less-18 Adding error_reporting till lesson 20
Less-19 Adding error_reporting till lesson 20
Less-2 Adding error_reporting till lesson 20
Less-20 Adding error_reporting till lesson 20
Less-21 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-22 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-23 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-24 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-25 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-25a Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-26 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-26a Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-27 Adding error_reporting till lesson 20
Less-27a Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-28 Adding error_reporting till lesson 20
Less-28a Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-29
Less-3 Adding error_reporting till lesson 20
Less-30 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-31 Adding chapter 32,33,34,35 and fixing and adjusting database backend …
Less-32 Adding modules 36,37 on mysql_real_escape_string bypass
Less-33 Adding modules 36,37 on mysql_real_escape_string bypass
Less-34 Adding modules 36,37 on mysql_real_escape_string bypass
Less-35 Adding modules 36,37 on mysql_real_escape_string bypass
Less-36 Adding modules 36,37 on mysql_real_escape_string bypass
Less-37 Adding modules 36,37 on mysql_real_escape_string bypass
Less-38 Adding Less46,47,48,49,50,51,52,53
Less-39 Adding new lessons on stacked queries
Less-4 Adding error_reporting till lesson 20
Less-40 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-41 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-42 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-43 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-44 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-45 Adding modules on Stacked Queries Less-38,39,40,41,42,43,44,45
Less-46 Adding Less46,47,48,49,50,51,52,53
Less-47 Adding Less46,47,48,49,50,51,52,53
Less-48 Adding Less46,47,48,49,50,51,52,53
Less-49 Adding Less46,47,48,49,50,51,52,53
Less-5 Adding error_reporting till lesson 20
Less-50 Add updated index pages, removing result.txt
Less-51 Add updated index pages, removing result.txt
Less-52 Add updated index pages, removing result.txt
Less-53 Add updated index pages, removing result.txt
Less-54 Adding error_reporting till lesson 20
Less-55 adding facebook page link
Less-56
Less-57 Adding same correction to other challenges as last one
Less-58 Adding same correction to other challenges as last one
Less-59 Adding same correction to other challenges as last one
Less-6 Adding error_reporting till lesson 20
Less-60 Adding same correction to other challenges as last one
Less-61 Adding same correction to other challenges as last one
Less-62 Adding same correction to other challenges as last one
Less-63 Adding same correction to other challenges as last one
Less-64 Adding same correction to other challenges as last one
Less-65 Adding same correction to other challenges as last one
Less-7 Adding error_reporting till lesson 20
Less-8 Adding error_reporting till lesson 20
Less-9 Adding error_reporting till lesson 20
images Adding challenge Less 54,55,56,57,58,59,60,61,62
index-1.html_files Adding modules 36,37 on mysql_real_escape_string bypass
index-2.html_files Add updated index pages, removing result.txt
index-3.html_files Add updated index pages, removing result.txt
index.html_files Adding chapter 32,33,34,35 and fixing and adjusting database backend …
sql-connections fixing issue with autopopulate script
SQL Injections-1.mm Adding modules 36,37 on mysql_real_escape_string bypass
SQL Injections-2.mm Add updated index pages, removing result.txt
SQL Injections-3.mm Add updated index pages, removing result.txt
SQL Injections.mm Commit for adding Less-20,21,22,23
SQL Injections.png
index-1.html Add updated index pages, removing result.txt
index-2.html Add updated index pages, removing result.txt
index-3.html Add updated index pages, removing result.txt
index.html Add updated index pages, removing result.txt
readme.md adding facebook page link
readme.md~ updating readme.md
readme.txt updating readme.md
readme.txt~ updating readme.md
sql-lab.sql Commit for adding Less-20,21,22,23
tomcat-files.zip Adding chapter 32,33,34,35 and fixing and adjusting database backend …

readme.md

README

SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:

  1. Error Based Injections (Union Select)
    1. String
    2. Intiger
  2. Error Based Injections (Double Injection Based)

  3. BLIND Injections: 1.Boolian Based 2.Time Based

  4. Update Query Injection.
  5. Insert Query Injections.
  6. Header Injections. 1.Referer based. 2.UserAgent based. 3.Cookie based.
  7. Second Order Injections
  8. Bypassing WAF
    1. Bypassing Blacklist filters Stripping comments Stripping OR & AND Stripping SPACES and COMMENTS Stripping UNION & SELECT
    2. Impidence mismatch
  9. Bypass addslashes()
  10. Bypassing mysql_real_escape_string. (under special conditions)
  11. Stacked SQL injections.
  12. Secondary channel extraction

Install Instructions:

  1. Unzip the contents inside the apache folder, for example under /var/www
  2. This will create a folder sql-labs under it. else you can use git command from within /var/www folder. /var/www folder and then use following command> git clone https://github.com/Audi-1/sqli-labs.git sqli-labs
  3. Open the file "db-creds.inc" which is under sql-connections folder inside the sql-labs folder.
  4. Update your MYSQL database username and password.(default for Backtrack are used root:toor)
  5. From your browser access the sql-labs folder to load index.html
  6. Click on the link setup/resetDB to create database, create tables and populate Data.
  7. Labs ready to be used, click on lesson number to open the lesson page.
  8. Enjoy the labs

Corrosponding walkthrough video tutorials and explainations can be found at:

  1. http://dummy2dummies.blogspot.com
  2. http://www.securitytube.net/user/Audi
  3. https://www.facebook.com/sqlilabs

you can also find the read along book at https://leanpub.com/SQLI-LABS, work is under process.

Challenge Section added: Less-54 to Less - 61 special challenge lessons added to repository for testing skills learnt from the other Lab lessons.

Something went wrong with that request. Please try again.