[go: up one dir, main page]
Skip to content
/ SQLiWeb Public
forked from PushpenderIndia/SQLiWeb

Lab Website For Practicing Different Types of SQL Injection Vulnerabilities

0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

virushtk/SQLiWeb

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
Img
Img
 
 
sqli_challenges
sqli_challenges
 
 
README.md
README.md
 
 

Repository files navigation

SQLi Web

Website Containing Different Types of SQL Injection Vulnerabilities

Lab Preview

Lab Challenges

  • SQL Authentication Bypass - Single Quotes - 1
  • SQL Authentication Bypass - Double Quotes - 2
  • SQL Authentication Bypass - Parenthesis - 3
  • SQL Authentication Bypass - Single Quote Parenthesis - 4
  • SQL Authentication Bypass - No Quotes - 5
  • SQL Authentication Bypass - Double Quote Parenthesis - 6
  • SQL Authentication Bypass - Single Quote Double Parenthesis - 7
  • SQL Authentication Bypass - Double Quote Double Parenthesis - 8
  • GET Parameter - Error Based - No Quotes - 1
  • GET Parameter - Error Based - Single Quotes - 2
  • GET Parameter - Error Based - Double Quotes - 3
  • GET Parameter - Error Based - Parenthesis - 4
  • GET Parameter - Error Based - Single Quotes Parenthesis - 5
  • GET Parameter - Error Based - Double Quotes Parenthesis - 6
  • GET Parameter - Error Based - Single Quotes Double Parenthesis - 7
  • GET Parameter - Error Based - Double Quotes Double Parenthesis - 8
  • More labs comming soon

Different Types of SQLi Vulnerabilities Covered

  • Error Based
  • Union Based
  • Double Query Based
  • Blind Boolean Based
  • Blind Time Based
  • Time Based

Injection Point of Vulnerabilities

  • GET Based Parameter
  • POST Based Parameter
  • Header Based Parameter
  • Cookies Based Parameter

Lab Setup Instructions

  1. Type sudo mysql -u root
  2. Enter this command mysql shell: grant all privileges on *.* to root@localhost identified by '' with grant option;
  3. Type \q or quit to exit mysql shell

  1. Copy & Paste the Command in your linux System
sudo git clone https://github.com/PushpenderIndia/SQLiWeb && sudo mv SQLiWeb/sqli_challenges /var/www/html && sudo rm -r SQLiWeb && sudo service apache2 start && sudo service mysql start && firefox http://127.0.0.1/sqli_challenges/php/db/setup.php &

If you have changed the MYSQL Credentials, You will get error in your browser, after running above command Follow below instructions for updating mysql creds

  1. Update MySQL Credentials in db_config.php file, present in /var/www/html/sqli_challenges/php/db/
<?php

// Update MySQL DB Credentials
$dbuser  = "root";
$dbpass  = "";

...
...

?>
  1. By Default db_creds.php will have MYSQL Username: root & Password: "" (No Password)
  2. Run this command to setup Database: firefox http://127.0.0.1/sqli_challenges/php/db/setup.php & or simply visit http://127.0.0.1/sqli_challenges/php/db/setup.php using web browser.
  3. After Setting up the website, it will redirect you to http://127.0.0.1/sqli_challenges/index.php
  4. Then whenever you want to start website, just run this command:
sudo service apache2 start && sudo service mysql start && firefox http://127.0.0.1/sqli_challenges/index.php &

Writeups

About

Lab Website For Practicing Different Types of SQL Injection Vulnerabilities

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 69.8%
  • CSS 30.0%
  • JavaScript 0.2%