SQL injection is a method that allows hackers to take advantage of weaknesses in a website's input validation, and of the error messages returned by the database management system, to inject and execute illegal SQL commands. SQL injection lets hackers execute commands such as SELECT, INSERT, UPDATE and DELETE right from the web browser, and even on the server the application is running on.
Although it has been many years since the first SQLi vulnerability was discovered, SQLi is still a very common vulnerability in web applications. Almost all credit card (CC) thefts exploit this vulnerability. Previously, online stores were mostly exploited through SQL injection to steal shoppers' information. Now it's much better.
To help you hone your SQLi vulnerability detection skills, member DDos (of the WhiteHat forum) introduces the sqli-labs project. This project includes 65 different labs of increasing difficulty. The labs cover almost all possible paths to SQLi errors, such as GET/POST requests, User-Agent…
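The weakness described in the opening paragraph (unchecked input plus database error messages returned to the user), shown next to its fix. This is an added example, not code from sqli-labs: it uses Python with an in-memory SQLite database instead of the labs' PHP and MySQL, and the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")],
    )
    return db

def lookup_vulnerable(db, username):
    # Weak pattern: the input is pasted into the SQL text, so a quote inside it
    # changes the statement, and the raw database error is handed back to the caller.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    try:
        return [row[0] for row in db.execute(sql)], None
    except sqlite3.Error as exc:
        return [], str(exc)

def lookup_hardened(db, username):
    # Corrected pattern: validate the input, bind it as a parameter so it is only
    # ever compared as data, and replace database errors with a generic message.
    if not isinstance(username, str) or len(username) > 64:
        return [], "invalid request"
    try:
        rows = db.execute("SELECT username FROM users WHERE username = ?", (username,))
        return [row[0] for row in rows], None
    except sqlite3.Error:
        return [], "internal error"

# Constructed inputs: a normal name, a name with an apostrophe, and a value
# that rewrites the WHERE clause when it is concatenated into the query.
SAMPLES = ["alice", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value))
        print("  vulnerable:", lookup_vulnerable(db, value))
        print("  hardened:  ", lookup_hardened(db, value))
```

With the concatenated query, the apostrophe input leaks a database syntax error and the third input returns every row; with the bound parameter, both are treated as names that simply do not exist.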
Practice exploiting SQL injection errors with Sqli-labs
To install sqli-lab, you need:
You can install XAMPP (version 5.6) or Amp to simulate a PHP and MySQL environment on Windows, or practice directly on a Linux virtual machine (CentOS, Ubuntu, Kali Linux).
I will guide you through practicing on Windows with XAMPP.
Step 1: Download XAMPP (version 5.6) and proceed with the installation as usual.
Delete all files in the directory: C:\xampp\htdocs
Step 2: Open the XAMPP Control Panel.
Click the Start button for Apache and MySQL. (If Start doesn’t work, see how to fix the error in this lesson.)
Step 3: Download the sqli-labs installation package from the link below.
Step 4: Extract the downloaded file, and copy it to the folder C:\xampp\htdocs
Step 5: Access the link http://localhost on the Web browser.
Click on Setup/reset Database for labs to start installing data for Sqli-labs
If you see the image below, the installation is successful.
Step 6: Go back to the localhost home page and click on SQLi-LABS Page-1(Basic Challenges) to start learning from lesson 1.
If you find the SQLi-Labs exercises difficult, check out the tutorial channels on YouTube.