audi-1 / sqli-labs Goto Github PK
View Code? Open in Web Editor NEWSQLI labs to test error based, Blind boolean based, Time based.
SQLI labs to test error based, Blind boolean based, Time based.
sql-connection目录下找不到定义操作sql的一系列函数的php文件,比如mysql_connect(),mysql_query()等等,是不是需要读者自行定义?
Hi Audi,
I am trying to install this using git clone and when I try to initiate the DB Reset I am not getting anything. And apache logs are giving me below
::1 - - [13/Jun/2017:14:18:13 -0400] "GET /sqli-labs/sql-connections/setup-db.php HTTP/1.1" 500 848 "http://localhost/sqli-labs/" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
I tried everything and seems not working. Any hints on solving this ? Thanks
Hello,i think the code in line 91 should be
fwrite($fp,'User Agent:'.$uagent."\n");
The readme.md said unzip it inside the apache folder. I wonder if use Nginx, it will different? or I can't use Nginx.
mysql_* functions not working on php7
Do you have one version in docker of sqli-labs?
I'm doing all the labs with Mysql 8 but on lesson 17 I can't update the admin password. I wonder whether Mysql 8 is parched and you can't update?
Any idea?
Hello,
On lessons 4 when I do http://localhost/sqli-labs/Less-4/?id=1' I don't get a error message
Roelof
This project appears to be missing a license.
Can you confirm what is it distributed under?
Hi Audi,
I have been following your awesome sqli labs, i am stuck with tomcat firewall lab. I am getting below error. I can confirm sample lesson 32 works fine with apache tomcat.
type Exception report
message An exception occurred processing JSP page /sqli-labs/Less-29/index.jsp at line 61
description The server encountered an internal error that prevented it from fulfilling this request.
exception
java.io.IOException: An exception occurred processing JSP page /sqli-labs/Less-29/index.jsp at line 61
58: URLConnection sqli_labs_connection = sqli_labs.openConnection();
59: BufferedReader in = new BufferedReader(
60: new InputStreamReader(
61: sqli_labs_connection.getInputStream()));
62: String inputLine;
63: while ((inputLine = in.readLine()) != null)
64: out.print(inputLine);
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
root cause
java.io.FileNotFoundException: http://localhost/sqli-labs/Less-29/index.php
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1625)
org.apache.jsp.sqli_002dlabs.Less_002d29.index_jsp._jspService(index_jsp.java:124)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.64 logs.
I'm working on Kali Linux with mariaDB 10.3.
I'm trying to do less-17 and there's no way of changing the admin's password. It gives me error "Bug off you silly dumb hacker".
Does anyone have a solution?
EX of Code error:
Welcome Dhakkan
SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES:
";} else {echo "[*]...................Error purging database: " . mysql_error(); echo "
";} //Creating new database security $sql="CREATE database security
CHARACTER S, ET gbk
"; if (mysql_query($sql)) {echo "[*]...................Creating New database successfully";echo "
";} else {echo "[*]...................Error creating database: " . mysql_error();echo "
Ive tried to reinstall this twice with the same error when clicking on the Setup/reset Database. Im using current version of Ubuntu. Apache2 has been installed and works. Same with mysql.
File location:
/var/www/sqli-labs/
Any suggestions?
长期大量收WebShell,高价寻渗透大佬合作,有意者联系Telegram:@xxx9964
Hello,
I understand that with ?=id=1' you can break the query.
But in your videos I cannot find how to repair it. I only see lesson 1 , 3 and 4
Roelof
Less-43
index.php
15lines
before is
<title>Less-42 - Stacked Query </title>right is
<title>Less-43 - Stacked Query </title>I've followed this video to install sqli-labs with php7 on Kali Linux and everything goes right. Easy and fast.
Hi,
Many people are facing this issues the code is compatible to only PHP4 & PHP5. The users have to either downgrade the version of PHP to PHP5, as the latest updated systems use PHP7 or have to change the code.
There is a blog which guide to change the code of this app specifically. To change the code refer to the following link:
http://www.hackingarticles.in/set-sqli-lab-kali/
even after this some may face certain issues that they can ask here.
SELECT * FROM users WHERE id='1' union select 1,2,3 -- 'LIMIT 0,1
After setting up lab with the following steps
https://www.kalilinux.in/2021/09/how-to-setup-sql-injection-labs-kali-linux.html
Got to mention that I use an edited version of repository
(https://github.com/Rinkish/Sqli_Edited_Version)
But I hope that community of "sqli-labs" ius much wider, and asking for help from you (issue is duplicated on the Rinkish's repo). So, setup-db.php seems to be OK, after pressing "Setup/reset Database for labs" everything is normal, no errors, but when I open up First lesson (as well as second, third and I guess every lesson) and trying to insert different id parameters I see no changes.
http://127.0.0.1/sqli/Less-1/?id=1 leads to the same result as if id=2.
Welcome Dhakkan and nothing more.
I tried to inspect the responsible code
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
$result=mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
$result=mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
if($row)
{
echo "<font size='5' color= '#99FF00'>";
echo 'Your Login name:'. $row['username'];
echo "<br>";
echo 'Your Password:' .$row['password'];
echo "</font>";
}
else
{
echo '<font color= "#FFFF00">';
print_r(mysqli_error($con));
echo "</font>";
}
So Your Login name and Your Password doesn't present, may be $row is false, IDK.
apache2 and mysql services are started. I will be glad to hear any hints. Thanks in advance.
\n";} else {echo "[*]...................Error purging database: " . mysqli_error($con); echo "
\n";} //Creating new database security $sql="CREATE database security
CHARACTER SET gbk
"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New database 'SECURITY' successfully";echo "
\n";} else {echo "[*]...................Error creating database: " . mysqli_error($con);echo "
\n";} //creating table users $sql="CREATE TABLE security.users (id int(3) NOT NULL AUTO_INCREMENT, username varchar(20) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (id))"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'USERS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "
\n";} //creating table emails $sql="CREATE TABLE security.emails ( id int(3)NOT NULL AUTO_INCREMENT, email_id varchar(30) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'EMAILS' successfully"; echo "
\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "
\n";} //creating table uagents $sql="CREATE TABLE security.uagents ( id int(3)NOT NULL AUTO_INCREMENT, uagent varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, username varchar(20) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'UAGENTS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "
\n";} //creating table referers $sql="CREATE TABLE security.referers ( id int(3)NOT NULL AUTO_INCREMENT, referer varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'REFERERS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "
\n";} //inserting data $sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; if (mysqli_query($con, $sql)) {echo "[*]...................Inserted data correctly into table 'USERS'";echo "
\n";} else {echo "[*]...................Error inserting data: " . mysqli_error($con);echo "
\n";} //inserting data $sql="INSERT INTO security
.emails
(id, email_id) VALUES ('1', '[email protected]'), ('2', '[email protected]'), ('3', '[email protected]'), ('4', '[email protected]'), ('5', '[email protected]'), ('6', '[email protected]'), ('7', '[email protected]'), ('8', '[email protected]')"; if (mysqli_query($con, $sql)) {echo "[*]...................Inserted data correctly into table 'EMAILS'";echo "
\n";} else {echo "[*]...................Error inserting data: " . mysqli_error($con);echo "
\n";} //CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); //INSERT INTO security
.search
(search) VALUES ( '[email protected]'), ('[email protected]'), ('[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]')"; //including the Challenges DB creation file. include("../sql-connections/setup-db-challenge.php"); ?>
Hi,
I still get this error while trying to set up the database:
SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES:
\n";} else {echo "[*]...................Error purging database: " . mysql_error(); echo "
\n";} //Creating new database security $sql="CREATE database `security` CHARACTER SET `gbk` "; if (mysql_query($sql)) {echo "[*]...................Creating New database 'SECURITY' successfully";echo "
\n";} else {echo "[*]...................Error creating database: " . mysql_error();echo "
\n";} //creating table users $sql="CREATE TABLE security.users (id int(3) NOT NULL AUTO_INCREMENT, username varchar(20) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (id))"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'USERS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "
\n";} //creating table emails $sql="CREATE TABLE security.emails ( id int(3)NOT NULL AUTO_INCREMENT, email_id varchar(30) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'EMAILS' successfully"; echo "
\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "
\n";} //creating table uagents $sql="CREATE TABLE security.uagents ( id int(3)NOT NULL AUTO_INCREMENT, uagent varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, username varchar(20) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'UAGENTS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "
\n";} //creating table referers $sql="CREATE TABLE security.referers ( id int(3)NOT NULL AUTO_INCREMENT, referer varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'REFERERS' successfully";echo "
\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "
\n";} //inserting data $sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; if (mysql_query($sql)) {echo "[*]...................Inserted data correctly into table 'USERS'";echo "
\n";} else {echo "[*]...................Error inserting data: " . mysql_error();echo "
\n";} //inserting data $sql="INSERT INTO `security`.`emails` (id, email_id) VALUES ('1', '[email protected]'), ('2', '[email protected]'), ('3', '[email protected]'), ('4', '[email protected]'), ('5', '[email protected]'), ('6', '[email protected]'), ('7', '[email protected]'), ('8', '[email protected]')"; if (mysql_query($sql)) {echo "[*]...................Inserted data correctly into table 'EMAILS'";echo "
\n";} else {echo "[*]...................Error inserting data: " . mysql_error();echo "
\n";} //CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); //INSERT INTO `security`.`search` (search) VALUES ( '[email protected]'), ('[email protected]'), ('[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]')"; //including the Challenges DB creation file. include("../sql-connections/setup-db-challenge.php"); ?>
even though I have php5.6. Anything else I might try?
Best,
Florian
This one is outdated...
perfectly working version:
https://github.com/Rinkish/Sqli_Edited_Version
DB setup/reset always create a database with name 'security' instead of using the dbname we put in db-creds.inc. Not much of a problem, though.
Hi All,
While learning from video 6 i understood that the rand function should be producing errors which would be providing us information about underlying database But when i am using group by clause as provided in the sqli tutorial i am not getting the expected output as audi had in the video.
Now my question's are , is this behavior because of Mysql version i am using ? has there been any change in the working of group by clause ? and What shall i do to resolve this issue and get an error as shown in the video tutorial ?
I am adding a snip of my terminal below.
I am using Bitnami's xampp version 5.6.31 for the lab and from the below snip you could understand the version of database in use.
MariaDB [security]> select count(*),concat (0x03a,0x03a,(select version()),0x03a,0x03a, floor(rand()2)) a from information_schema.tables group by a;
+----------+--------------------------+
| count() | a |
+----------+--------------------------+
| 97 | : :10.1.25-MariaDB : :0 |
| 91 | : :10.1.25-MariaDB : :1 |
+----------+--------------------------+
2 rows in set (0.01 sec)
MariaDB [security]> select count(*),concat (0x03a,0x03a,(select version()),0x03a,0x03a, floor(rand()*2)) a from information_schema.tables group by a;
ERROR 1062 (23000): Duplicate entry '' for key 'group_key'
This error does not show me any Duplicate entry .
If you remember video the version would be in the quotes after Duplicate entry.
Please provide your valuable response if anyone has faced similar issue. I am in need of someone who could give me an understanding or point out the direction where i can get the understanding am lacking right now.
I found that this image does not match the contents of the lessons.
For example:
The query in lesson 4 is $sql="SELECT * FROM users WHERE id=($id) LIMIT 0,1";, which uses round brackets, but image.png says double quotes are used in lesson 4.
Is image.png not correct? Or do I misinterpret the meanings of the words in image.png?
Please Include solutions at the end if a person fails to inject, i'm having real hard time figuring out and SQL injection is the only thing i can't find any guide about, it is hard to learn and no where to found.. Please add solutions too so i can learn from it.
Hi, Audi-1, I'm a users of your perfect sqli-labs series. Up to now, I've done to LESS-29,and I found that it's very easy to inject the index.php, but I can't inject less-29/login.php. I've searched the original code,but I still can't inject it. Can you just give me some hint?
And here's my biggest question: will you make sqli-labs series videos again after part 23? I think it's so useful for learners but may waste your time.
THANKS A LOT.
Sorry,I've found it on securitytube.com.
I just have completed the video 6 , I'm getting all the outputsl as expected. But I'm not understanding why it is throwing that error.
ie : ERROR 1062 (23000): Duplicate entry 'security::1' for key '<group_key>'
mysql> select count(*), concat((select database()),0x3a,0x3a,floor(rand()2))dump from information_schema.columns group by dump;
+----------+-------------+
| count() | dump |
+----------+-------------+
| 1501 | security::0 |
| 1603 | security::1 |
+----------+-------------+
2 rows in set (0.04 sec)
mysql> select count(*), concat((select database()),0x3a,0x3a,floor(rand()*2))dump from information_schema.columns group by dump;
ERROR 1062 (23000): Duplicate entry 'security::1' for key '<group_key>'
My doubt is there is no duplication of data right? security:: 0 's count is 1501 while the count of security::1 is 1603
So why is this error coming.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.