Friday, June 22, 2012

SQLI-LABS SERIES PART-1


The issue with me is that I have a very unconventional way of self-learning, and unless the core concepts are clear, things fall logically into place and I have answers to all the how and why questions in my head, I cannot accept and retain those topics.
Well, for me, my good friend Alper has always been there whenever stupid ideas popped into my head and I needed someone to share, discuss and to show me the right path. Pranab has always supported me in the odd hours of research and learning, when we are trying to understand things....

Shashank, another good friend of mine, pushed me to share my ideas and know-how with others.... so the revival of my blog is because of him. Not to forget my buddy Neeraj, who was with me in all the ups and downs of my life.... (Miss you uncle....)
Thanks a ton to all my friends. It is only because of them that I am what I am today.



SQLI-LABS SERIES


So here I am sharing the little I know....
Plans are big. If the audience likes the stuff, then I will invest more time to share and bring forward more subjects.....

I started with SQL injections.... Why SQL injections? Well, there is a lot talked about on this subject on the internet, from basic to advanced stuff, but no single resource explains the logic behind the scenes for all types in one place, how it works and why it works. Most are like "do this, then this and then this", but why it needs to be done like that is not explained....

SQLI-LABS is my attempt to explain the basics involved in SQL injections. I tried to be a DHAKKAN during my explanations.... Hope you all like them.

CAUTION: This is for educational purposes only. Please do not use the skills you gain from following the video lessons and blog to harm or test sites on the internet for which you do not have permission. Doing so is illegal. I do not support these sorts of activities and would advise you all to stay away from the same... If you do so, you are solely responsible for your actions; you have been warned.

SQLI-LABS is a test bed of various lessons to explain and learn different types of SQL injections.

  1. Error Based SQL Injections - Union select type.
  2. Error Based SQL Injections - Double Query type.
  3. Boolean Based Blind Injections.
  4. Time Based Blind Injections.
  5. Dumping the DB using outfile / Dumpfile.
  6. POST based SQL injections Error based type - union select.
  7. POST based SQL injections - Double injection type.
  8. POST based Blind injections - Boolean / Time based.
  9. Injection in the UPDATE query.
  10. Injection in the Headers.
  11. Injection in cookies.
Download the test bed from https://github.com/Audi-1/sqli-labs
Installation video can be found at http://www.youtube.com/watch?v=NJ9AA1_t1Ic











7 comments:

  1. Thank you very much for posting these educational video series. I think they are really helpful for people who would like to learn more about sql injection but with few experiences. Also the SQLI-LABS helps a lot!

  2. Nice lecture Audi-1. Really appreciate it. Keep it going.

    ---v4s

  3. Great video series indeed, I really appreciate your valuable effort. Thank You so much. :)

  4. Just awesome really really awesome videos never seen before on internet (Y)

  5. Lesson 1 and 2 aren't working for me on a Mac with MySQL 5.6 and Apache 2.2.24 with PHP 5.3.26. Do I need older versions of software for the exploits to work? I can see in the query log that MySQL is escaping my single quotes automatically.
