Description: A how-to on SQL injections: error based, blind bool based or time based, header based injections, cookie injection, injections in update query, insert query, etc.
Tags: learn SQLi, SQL Injections, sqli walkthrough
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Nice Video. Waiting for part 2
Hi Audi, it really sounds good that SecurityTube megaprimers inspired you. I hope I will get another megaprimer.
Thanks
I installed everything as you clearly explained but I keep getting this error when I browse to the localhost:
Forbidden
You don't have permission to access /sqli-labs/ on this server.
Apache/2.2.20 (Ubuntu) Server at localhost Port 80
How could I fix all this? Thanks a lot!
As I can visualize, you could have 2 issues if Apache is running.
The folder name would be case sensitive, so double check it.
Secondly,
check the permissions of the folder:
ls -l /var/www
The owner would be root and will have restricted perms. You can add permission chmod 755 to the folder and all subfolders, then it should work nicely.
Hope it helps.
Yeah it works now! I had just to set the right privileges. However when I browse to http://localhost/sqli-labs/Less-1 and I start to play with the input value, I got this message:
Warning: fopen(result.txt) [function.fopen]: failed to open stream: Permission denied in /var/www/sqli-labs/Less-1/index.php on line 22
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/sqli-labs/Less-1/index.php on line 23
Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/sqli-labs/Less-1/index.php on line 24
Despite this, everything seems to work well.
Again it seems to be a permission issue.
The page index.php in all lessons includes 4 lines of code to write all injections you try to a file called result.txt in the same lesson folder. Make sure that the Apache user can write or append to this file. An easy way out would be to make perms chmod 777 for the folders, and delete the old result.txt file.
Hope this helps.
You can also suppress warnings in your php.ini.
This result.txt is in there because when I was learning, I used to run scanners against these examples, and see how they were exploiting the SQLi.
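A narrower alternative to the chmod 777 shortcut mentioned above, as an added example that is not part of the original thread or of sqli-labs: it pre-creates result.txt in each lesson folder, makes only that file writable by the web server account, and then lists anything still world-writable. The Less-* layout follows the path in the warning above; the function names and the www-data account name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from sqli-labs).
# Assumption: lessons live in <root>/Less-*/ and each index.php
# appends to result.txt in its own folder, as described above.

# Hand only result.txt to the web server account, leaving the
# lesson folders themselves non-writable for other users.
# $1 = lab root, $2 = account (name or uid) the web server runs as
grant_result_write() {
    root=$1
    owner=$2
    for dir in "$root"/Less-*/; do
        [ -d "$dir" ] || continue
        f="${dir}result.txt"
        # Pre-create the file so PHP never needs write access to the folder.
        [ -e "$f" ] || : > "$f"
        chown "$owner" "$f" && chmod 600 "$f"
        # Folder: owner rwx, everyone else read/traverse only.
        chmod 755 "$dir"
    done
}

# Print every world-writable file or directory under the lab root,
# e.g. leftovers from an earlier chmod 777.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Example call, run as root (www-data is the assumed Apache account on Ubuntu):
#   grant_result_write /var/www/sqli-labs www-data
#   list_world_writable /var/www/sqli-labs
```

An empty listing from list_world_writable means no file or folder in the lab tree is writable by every local user.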
Thanks Audi :D U rock Bro.....
Nice Tutorial bRO..!!!
everything fixed and works like a charm now..great videos mate!
Thank you, nice tutorial, clearly explained. Looking forward to working through this series...
This is the sqli megaprimer now. It is superb. Thanks a lot Audi.
nice video and setup. :)
Is anyone getting an issue where the browser wants to download the files rather than run them?
PS AUDI
( Sorry page loaded) Thanks for the info!
@ApertureSecurity
Are you trying to use IIS to serve the content? Because you need to specify what server side content the webserver renders. For example, if you have ASP pages and you use XAMPP to render them, then it will not do it out of the box and will show you a dialog box.
I got it, thanks a million!
That's a great series, thanks a lot
great man!
I have already downloaded the whole series and now looking forward to learning it
:D
faced
Forbidden
You don't have permission to access /sqli-labs/ on this server.
Apache/2.2.20 (Ubuntu) Server at localhost Port 80
during the setup
and as you said to use chmod
googled a bit and found the solution
chmod go+rw sqli-labs :D
now working fine :D
cool :D
planning to watch the full series :D
thanks man for such a wise endeavor :D
faced Learner's problem ,,, solved :D
Awesome tutorial of SQLI to gain good command over SQLI in depth with proper conceptual and logical knowledge. Thanks to Audi for providing such a nice SQLI Series....
Will definitely, positively be looking forward to such a series on other web app related vulnerabilities.
When I click "Setup/reset Database for labs", I get a message "SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES:
[*]...................Could not connect to DB, check the creds in db-creds.inc: Access denied for user 'root'@'localhost' (using password: YES)"
Please help me!
Thanks
@son_91
If you check the error you get, it says access denied for user root@localhost. Therefore open the file db-creds.inc, which is present under the sql-connections folder, and update the password to what is being used on the system. If you are using BackTrack then it would be "toor"; on Kali it would be set up according to you. I kept it blank. Once you make the changes it will work fine.
Thanks for the help....
Hi Audi, thanks for such a great series. While setting up the Db on my Windows machine(using XAMPP) I'm getting this error:
Warning: mysql_connect(): Access denied for user 'Skillrooted@'localhost' (using password: YES) in F:\xampp\htdocs\sqli-labs-master\sql-connections\setup-db.php on line 23
[*]...................Could not connect to DB, check the creds in db-creds.inc: Access denied for user 'Skillrooted'@'localhost' (using password: YES)
I'm using the same username and password combination as in my PC in the db-creds.inc file.
What should I do?
@skillrooted_01
The MySQL user is not your system user account. By default on XAMPP on Windows the password used to be blank for the root user, therefore the user should be root with a blank password, or if you changed the password at the time of install, update that in the db-creds.inc file and you should be good to go....
Thanks a lot Audi, that worked. :)