[Environment Setup] Building the SQLi-labs vulnerability environment on Docker

1 Introduction to sqli-labs

sqli-labs is an open-source platform for learning SQL injection; there are 75 different types of injection. The official introduction is as follows:
SQLI-LABS is a platform to learn SQLI. Following labs are covered for GET and POST scenarios:

  1. Error Based Injections (Union Select)
    • String
    • Integer
  2. Error Based Injections (Double Injection Based)
  3. BLIND Injections:
    • Boolean Based
    • Time Based
  4. Update Query Injection.
  5. Insert Query Injections.
  6. Header Injections.
    • Referer based.
    • UserAgent based.
    • Cookie based.
  7. Second Order Injections
  8. Bypassing WAF
    • Bypassing Blacklist filters: Stripping comments; Stripping OR & AND; Stripping SPACES and COMMENTS; Stripping UNION & SELECT
    • Impedance mismatch
  9. Bypass addslashes()
  10. Bypassing mysql_real_escape_string. (under special conditions)
  11. Stacked SQL injections.
  12. Secondary channel extraction

2 Building sqli-labs with Docker

  1. Search the official repository for the list of available images: docker search sqli-labs
  2. Download the image to the local machine: docker pull docker.io/acgpiano/sqli-labs. The image name given in the command is the first entry in the list when sorted by stars.
  3. List the local images: docker image ls. You can see the image just downloaded and its main information, such as tag and file size.
  4. Start the container: docker run --name sqli -p 80:80 -p 3306:3306 docker.io/acgpiano/sqli-labs. As written, the command keeps running in the foreground of this terminal; add -d to run it in background mode.
  5. With the container from the previous step running, open a new terminal window and enter docker ps to view the list of containers running on the computer and their main information.
  6. Open a shell inside the container: docker exec -i -t sqli /bin/bash
  7. Access the IP address in the browser, with or without specifying the port; the lab's page is shown when you visit.
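
By default, the docker run command in step 4 publishes ports 80 and 3306 on every host interface, so the deliberately vulnerable application and its MySQL server are reachable from the network. The script below is an added example, not part of the original post: it starts the same container bound to 127.0.0.1 and checks docker ps port listings for wildcard bindings. The -d flag, the loopback binding, the function names and the sample line are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): start the lab from step 4 bound
# to loopback, then audit `docker ps` output for ports open on every interface.
IMAGE="docker.io/acgpiano/sqli-labs"  # image from step 2
NAME="sqli"                           # container name from step 4
BIND="127.0.0.1"                      # assumption: the lab is used only from this host
TAB=$(printf '\t')

# Same port mappings as step 4, but detached (-d) and published on $BIND only.
start_lab() {
  docker run -d --name "$NAME" -p "$BIND:80:80" -p "$BIND:3306:3306" "$IMAGE"
}

# Print each host port (or range) in a `docker ps` Ports value that is
# published on all interfaces: 0.0.0.0, ::: or [::].
wildcard_ports() {
  printf '%s\n' "$1" | tr ',' '\n' |
    sed -E -n 's/^ *(0\.0\.0\.0|\[::\]|::):([0-9]+(-[0-9]+)?)->.*/\2/p' |
    awk '!seen[$0]++'
}

# Read "name<TAB>ports" lines on stdin, print "name port" for every wildcard
# binding, and return 1 if any was found (0 if all bindings are restricted).
audit_ps() {
  found=0
  while IFS="$TAB" read -r name ports; do
    for p in $(wildcard_ports "$ports"); do
      printf '%s %s\n' "$name" "$p"
      found=1
    done
  done
  return "$found"
}

# Constructed sample: a typical `docker ps` line for the command in step 4.
SAMPLE="sqli${TAB}0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp"

if [ "${1:-}" = "--run" ]; then
  # Real run: needs Docker and the image pulled in step 2.
  start_lab || exit 1
  docker ps --format '{{.Names}}\t{{.Ports}}' | audit_ps ||
    echo "some ports are published on all interfaces" >&2
else
  # Offline demo on the constructed sample.
  printf '%s\n' "$SAMPLE" | audit_ps || true
fi
```

Run without arguments, the script audits only the constructed sample; with --run it starts the container and audits the live docker ps output.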

3 Summary

  1. Understand the main functions of the sqli-labs lab environment;
  2. Learn how to build the sqli-labs lab environment.
