Administrator
发布于 2024-04-11 / 66 阅读
0

SQLI-LABS - A Platform To Learn SQLI Following Labs

访问地址(Saas):https://sqli.exp-9.com/

源代码:https://github.com/Audi-1/sqli-labs

SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:

Error Based Injections (Union Select)

String

Intiger

Error Based Injections (Double Injection Based)

BLIND Injections: 1.Boolian Based 2.Time Based

Update Query Injection.

Insert Query Injections.

Header Injections. 1.Referer based. 2.UserAgent based. 3.Cookie based.

Second Order Injections

Bypassing WAF

Bypassing Blacklist filters Stripping comments Stripping OR & AND Stripping SPACES and COMMENTS Stripping UNION & SELECT

Impidence mismatch

Bypass addslashes()

Bypassing mysql_real_escape_string. (under special conditions)

Stacked SQL injections.

Secondary channel extraction