INTRODUCTION
============
***WARNING: SQLol IS INTENTIONALLY VULNERABLE.
DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT EXPOSE SQLol IN AN UNTRUSTED ENVIRONMENT.***
SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.To better understand why SQLol exists, please read the sonnet below:
I humbly posit that the current state (With much respect to work which does precede) Of test-beds made with vulns to demonstrate
Is lacking some in flexibility.Two options are presented present-day,
As far as when one deals with S-Q-L: A blind injection (bool or time delay) And UNION statement hax (oh gee, how swell…)
Imagine we could choose how queries read And how our input sanitizes, oh!How nimble and specific we could be To recreate our ‘sploit scenarios.And thus is S-Q-L-O-L conceived:That we can study how to pwn DBs.
Options:
Type of query
Location within query
Type and level of sanitization
Level of query output
Verbosity of error messages
Visibility of query
Injection string entry point
Other cool things:
Reset button
Challenges
Support for multiple database systems
REQUIREMENTS
============
PHP 5.x
Web server
Database server (MySQL, PostgreSQL and SQLite have been tested, others may work)
ADODB library (included)
USAGE
=====
Place the SQLol source files on your Web server and open in a Web browser. Modify the configuration file #sqlol_directory#/includes/database.config.php to point to your installed database server. Use the resetbutton.php script to write the SQLol database, then start playing!
Visit -
https://github.com/SpiderLabs/SQLol/
Download -
https://github.com/SpiderLabs/SQLol/downloads
Screenshot -
