\n";} else {echo "[*]...................Error purging database: " . mysqli_error($con); echo "

\n";} //Creating new database security $sql="CREATE database security CHARACTER SET gbk "; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New database 'SECURITY' successfully";echo "

\n";} else {echo "[*]...................Error creating database: " . mysqli_error($con);echo "

\n";} //creating table users $sql="CREATE TABLE security.users (id int(3) NOT NULL AUTO_INCREMENT, username varchar(20) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (id))"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'USERS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "

\n";} //creating table emails $sql="CREATE TABLE security.emails ( id int(3)NOT NULL AUTO_INCREMENT, email_id varchar(30) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'EMAILS' successfully"; echo "

\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "

\n";} //creating table uagents $sql="CREATE TABLE security.uagents ( id int(3)NOT NULL AUTO_INCREMENT, uagent varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, username varchar(20) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'UAGENTS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "

\n";} //creating table referers $sql="CREATE TABLE security.referers ( id int(3)NOT NULL AUTO_INCREMENT, referer varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, PRIMARY KEY (id) )"; if (mysqli_query($con, $sql)) {echo "[*]...................Creating New Table 'REFERERS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysqli_error($con);echo "

\n";} //inserting data $sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; if (mysqli_query($con, $sql)) {echo "[*]...................Inserted data correctly into table 'USERS'";echo "

\n";} else {echo "[*]...................Error inserting data: " . mysqli_error($con);echo "

\n";} //inserting data $sql="INSERT INTO security.emails (id, email_id) VALUES ('1', '[email protected]'), ('2', '[email protected]'), ('3', '[email protected]'), ('4', '[email protected]'), ('5', '[email protected]'), ('6', '[email protected]'), ('7', '[email protected]'), ('8', '[email protected]')"; if (mysqli_query($con, $sql)) {echo "[*]...................Inserted data correctly into table 'EMAILS'";echo "

\n";} else {echo "[*]...................Error inserting data: " . mysqli_error($con);echo "

\n";} //CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); //INSERT INTO security.search (search) VALUES ( '[email protected]'), ('[email protected]'), ('[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]')"; //including the Challenges DB creation file. include("../sql-connections/setup-db-challenge.php"); ?>

SELECT * FROM users WHERE id='1' union select 1,2,3 -- 'LIMIT 0,1

Hello,i think the code in line 91 should be
fwrite($fp,'User Agent:'.$uagent."\n");

Less-43
index.php
15lines

before is

right is

Hi,
Many people are facing this issues the code is compatible to only PHP4 & PHP5. The users have to either downgrade the version of PHP to PHP5, as the latest updated systems use PHP7 or have to change the code.
There is a blog which guide to change the code of this app specifically. To change the code refer to the following link:
http://www.hackingarticles.in/set-sqli-lab-kali/
even after this some may face certain issues that they can ask here.

I've followed this video to install sqli-labs with php7 on Kali Linux and everything goes right. Easy and fast.

I'm working on Kali Linux with mariaDB 10.3.

I'm trying to do less-17 and there's no way of changing the admin's password. It gives me error "Bug off you silly dumb hacker".
Does anyone have a solution?

Hello,

On lessons 4 when I do http://localhost/sqli-labs/Less-4/?id=1' I don't get a error message

Roelof

Hi Audi,

I have been following your awesome sqli labs, i am stuck with tomcat firewall lab. I am getting below error. I can confirm sample lesson 32 works fine with apache tomcat.

type Exception report

message An exception occurred processing JSP page /sqli-labs/Less-29/index.jsp at line 61

description The server encountered an internal error that prevented it from fulfilling this request.

exception

java.io.IOException: An exception occurred processing JSP page /sqli-labs/Less-29/index.jsp at line 61

58: URLConnection sqli_labs_connection = sqli_labs.openConnection();
59: BufferedReader in = new BufferedReader(
60: new InputStreamReader(
61: sqli_labs_connection.getInputStream()));
62: String inputLine;
63: while ((inputLine = in.readLine()) != null)
64: out.print(inputLine);

Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

root cause

java.io.FileNotFoundException: http://localhost/sqli-labs/Less-29/index.php
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1625)
org.apache.jsp.sqli_002dlabs.Less_002d29.index_jsp._jspService(index_jsp.java:124)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

note The full stack trace of the root cause is available in the Apache Tomcat/7.0.64 logs.

Hi Audi,
I am trying to install this using git clone and when I try to initiate the DB Reset I am not getting anything. And apache logs are giving me below

::1 - - [13/Jun/2017:14:18:13 -0400] "GET /sqli-labs/sql-connections/setup-db.php HTTP/1.1" 500 848 "http://localhost/sqli-labs/" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"

I tried everything and seems not working. Any hints on solving this ? Thanks

I tried with XAMPP on localhost.
I couldn't figure out the reason can anybody help me?🙂

I'm doing all the labs with Mysql 8 but on lesson 17 I can't update the admin password. I wonder whether Mysql 8 is parched and you can't update?

Any idea?

EX of Code error:

                                          Welcome    Dhakkan

SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES:

";} else {echo "[*]...................Error purging database: " . mysql_error(); echo "

";} //Creating new database security $sql="CREATE database security CHARACTER S, ET gbk "; if (mysql_query($sql)) {echo "[*]...................Creating New database successfully";echo "

";} else {echo "[*]...................Error creating database: " . mysql_error();echo "

blah, blah, blah, blah

Ive tried to reinstall this twice with the same error when clicking on the Setup/reset Database. Im using current version of Ubuntu. Apache2 has been installed and works. Same with mysql.

File location:
/var/www/sqli-labs/

Any suggestions?

DB setup/reset always create a database with name 'security' instead of using the dbname we put in db-creds.inc. Not much of a problem, though.

Hi,

I still get this error while trying to set up the database:

SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES:


\n";} else {echo "[*]...................Error purging database: " . mysql_error(); echo "

\n";} //Creating new database security $sql="CREATE database `security` CHARACTER SET `gbk` "; if (mysql_query($sql)) {echo "[*]...................Creating New database 'SECURITY' successfully";echo "

\n";} else {echo "[*]...................Error creating database: " . mysql_error();echo "

\n";} //creating table users $sql="CREATE TABLE security.users (id int(3) NOT NULL AUTO_INCREMENT, username varchar(20) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (id))"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'USERS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "

\n";} //creating table emails $sql="CREATE TABLE security.emails ( id int(3)NOT NULL AUTO_INCREMENT, email_id varchar(30) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'EMAILS' successfully"; echo "

\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "

\n";} //creating table uagents $sql="CREATE TABLE security.uagents ( id int(3)NOT NULL AUTO_INCREMENT, uagent varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, username varchar(20) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'UAGENTS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "

\n";} //creating table referers $sql="CREATE TABLE security.referers ( id int(3)NOT NULL AUTO_INCREMENT, referer varchar(256) NOT NULL, ip_address varchar(35) NOT NULL, PRIMARY KEY (id) )"; if (mysql_query($sql)) {echo "[*]...................Creating New Table 'REFERERS' successfully";echo "

\n";} else {echo "[*]...................Error creating Table: " . mysql_error();echo "

\n";} //inserting data $sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; if (mysql_query($sql)) {echo "[*]...................Inserted data correctly into table 'USERS'";echo "

\n";} else {echo "[*]...................Error inserting data: " . mysql_error();echo "

\n";} //inserting data $sql="INSERT INTO `security`.`emails` (id, email_id) VALUES ('1', '[email protected]'), ('2', '[email protected]'), ('3', '[email protected]'), ('4', '[email protected]'), ('5', '[email protected]'), ('6', '[email protected]'), ('7', '[email protected]'), ('8', '[email protected]')"; if (mysql_query($sql)) {echo "[*]...................Inserted data correctly into table 'EMAILS'";echo "

\n";} else {echo "[*]...................Error inserting data: " . mysql_error();echo "

\n";} //CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); //INSERT INTO `security`.`search` (search) VALUES ( '[email protected]'), ('[email protected]'), ('[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]'), ( '[email protected]')"; //including the Challenges DB creation file. include("../sql-connections/setup-db-challenge.php"); ?> 

even though I have php5.6. Anything else I might try?

Best,

Florian

error in install

长期大量收WebShell，高价寻渗透大佬合作，有意者联系Telegram：@xxx9964

The readme.md said unzip it inside the apache folder. I wonder if use Nginx, it will different？ or I can't use Nginx.

sql-connection目录下找不到定义操作sql的一系列函数的php文件，比如mysql_connect(),mysql_query()等等，是不是需要读者自行定义？

Do you have one version in docker of sqli-labs?

Hello,

I understand that with ?=id=1' you can break the query.
But in your videos I cannot find how to repair it. I only see lesson 1 , 3 and 4

Roelof

After setting up lab with the following steps
https://www.kalilinux.in/2021/09/how-to-setup-sql-injection-labs-kali-linux.html
Got to mention that I use an edited version of repository
(https://github.com/Rinkish/Sqli_Edited_Version)
But I hope that community of "sqli-labs" ius much wider, and asking for help from you (issue is duplicated on the Rinkish's repo). So, setup-db.php seems to be OK, after pressing "Setup/reset Database for labs" everything is normal, no errors, but when I open up First lesson (as well as second, third and I guess every lesson) and trying to insert different id parameters I see no changes.
http://127.0.0.1/sqli/Less-1/?id=1 leads to the same result as if id=2.
Welcome Dhakkan and nothing more.

I tried to inspect the responsible code

$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
$result=mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);

$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
$result=mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);

    if($row)
    {
    echo "<font size='5' color= '#99FF00'>";
    echo 'Your Login name:'. $row['username'];
    echo "<br>";
    echo 'Your Password:' .$row['password'];
    echo "</font>";
    }
    else 
    {
    echo '<font color= "#FFFF00">';
    print_r(mysqli_error($con));
    echo "</font>";  
    }

So Your Login name and Your Password doesn't present, may be $row is false, IDK.
apache2 and mysql services are started. I will be glad to hear any hints. Thanks in advance.

mysql_* functions not working on php7

This one is outdated...

perfectly working version:
https://github.com/Rinkish/Sqli_Edited_Version

I found that this image does not match the contents of the lessons.
For example:
The query in lesson 4 is $sql="SELECT * FROM users WHERE id=($id) LIMIT 0,1";, which uses round brackets, but image.png says double quotes are used in lesson 4.

Is image.png not correct? Or do I misinterpret the meanings of the words in image.png?

Please Include solutions at the end if a person fails to inject, i'm having real hard time figuring out and SQL injection is the only thing i can't find any guide about, it is hard to learn and no where to found.. Please add solutions too so i can learn from it.

How can I solve the problem

I just have completed the video 6 , I'm getting all the outputsl as expected. But I'm not understanding why it is throwing that error.

ie : ERROR 1062 (23000): Duplicate entry 'security::1' for key '<group_key>'

mysql> select count(*), concat((select database()),0x3a,0x3a,floor(rand()2))dump from information_schema.columns group by dump;
+----------+-------------+
| count() | dump |
+----------+-------------+
| 1501 | security::0 |
| 1603 | security::1 |
+----------+-------------+
2 rows in set (0.04 sec)

mysql> select count(*), concat((select database()),0x3a,0x3a,floor(rand()*2))dump from information_schema.columns group by dump;
ERROR 1062 (23000): Duplicate entry 'security::1' for key '<group_key>'

My doubt is there is no duplication of data right? security:: 0 's count is 1501 while the count of security::1 is 1603

So why is this error coming.

This project appears to be missing a license.

Can you confirm what is it distributed under?

Hi, Audi-1, I'm a users of your perfect sqli-labs series. Up to now, I've done to LESS-29,and I found that it's very easy to inject the index.php, but I can't inject less-29/login.php. I've searched the original code,but I still can't inject it. Can you just give me some hint?
And here's my biggest question: will you make sqli-labs series videos again after part 23? I think it's so useful for learners but may waste your time.
THANKS A LOT.

Sorry,I've found it on securitytube.com.

Hi All,
While learning from video 6 i understood that the rand function should be producing errors which would be providing us information about underlying database But when i am using group by clause as provided in the sqli tutorial i am not getting the expected output as audi had in the video.
Now my question's are , is this behavior because of Mysql version i am using ? has there been any change in the working of group by clause ? and What shall i do to resolve this issue and get an error as shown in the video tutorial ?

I am adding a snip of my terminal below.
I am using Bitnami's xampp version 5.6.31 for the lab and from the below snip you could understand the version of database in use.

MariaDB [security]> select count(*),concat (0x03a,0x03a,(select version()),0x03a,0x03a, floor(rand()2)) a from information_schema.tables group by a;
+----------+--------------------------+
| count() | a |
+----------+--------------------------+
| 97 | : :10.1.25-MariaDB : :0 |
| 91 | : :10.1.25-MariaDB : :1 |
+----------+--------------------------+
2 rows in set (0.01 sec)

MariaDB [security]> select count(*),concat (0x03a,0x03a,(select version()),0x03a,0x03a, floor(rand()*2)) a from information_schema.tables group by a;
ERROR 1062 (23000): Duplicate entry '' for key 'group_key'

This error does not show me any Duplicate entry .
If you remember video the version would be in the quotes after Duplicate entry.

Please provide your valuable response if anyone has faced similar issue. I am in need of someone who could give me an understanding or point out the direction where i can get the understanding am lacking right now.