/sqli-labs

This repository contains the write-ups for Basic and Advanced Injections in SQLi-labs.

Primary LanguagePython

SQLi-labs

In this repository, I have published the write-ups for all the levels in SQLi-labs.

About

SQLi-Labs is a platform to learn SQLI Vulnerabilities.

Following labs are covered for GET and POST scenarios:

  1. Error Based Injections (Union Select)

    • String
    • Integer

  2. Error Based Injections (Double Injection Based)

  3. BLIND Injections:

    • Boolean Based
    • Time Based

  4. Update Query Injection.

  5. Insert Query Injections.

  6. Header Injections.

    • Referer based.
    • UserAgent based.
    • Cookie based.

  7. Second Order Injections

  8. Bypassing WAF

    • Bypassing
      • Blacklist filters
      • Stripping comments
      • Stripping OR & AND
      • Stripping SPACES and COMMENTS
      • Stripping UNION & SELECT
    • Impidence mismatch

  9. Bypass addslashes()

  10. Bypassing mysql_real_escape_string. (under special conditions)

  11. Stacked SQL injections.

  12. Secondary channel extraction