I hope you have learned about SQL injection and XSS, and you may be curious to practice SQLi and XSS attacks. We know that attacking a third-party website is a crime.
So how can we practice? Here is the solution, friends: why not set up your own web application? Yes, you can set up your own pen-testing lab for practicing XSS and SQLi vulnerabilities. The lab we will use for demonstration is SQLi Labs.
Step 1 :- The latest version of Kali ships PHP 7.xxx, which does not support the old mysql_* functions; it supports the MySQLi functions instead.
So start Kali Linux, open a terminal and type the following commands :-
php -v
cd /var/www/html
git clone https://github.com/Audi-1/sqli-labs.git
Step 2 :- This will install it. Now type cd sqli-labs to go to the directory, and type ls to see what is in there.
cd sqli-labs
cd sql-connections
ls
Step 3 :- When I tried to set up sqli-labs, I saw that something is wrong in setup-db.php (see the screenshot below).
php sql-connect.php
Step 4 :- Let's solve this error. Open the setup-db.php file under root/var/www/html/sqli-labs
Step 5 :- To solve this problem, replace mysql_connect() with mysqli_connect() and mysql_query($sql) with mysqli_query($con, $sql)
Step 6 :- If mysql_error() exists, replace it with mysqli_error($con)
Step 7 :- If mysql_fetch_array($result) exists, replace it with mysqli_fetch_array($result, MYSQLI_BOTH)
Step 8 :- If mysql_fetch_array($result1) exists, replace it with mysqli_fetch_array($result1, MYSQLI_BOTH)
Step 9 :- If mysql_connect($host,$dbuser,$dbpass) exists, replace it with mysqli_connect($host,$dbuser,$dbpass)
Step 10 :- If mysql_real_escape_string($value) exists, replace it with mysqli_real_escape_string($con, $value)
Step 11 :- If mysql_select_db($dbname, $con) exists, replace it with mysqli_select_db($con, $dbname)
Step 12 :- Now open a Kali terminal, move to this folder, and give permissions to the sqli-labs folder and to all the files and folders in it using the following commands (mode 777 grants read, write and execute to every user on the system) :-
cd ../
chmod 777 sqli-labs
cd sqli-labs
chmod 777 *
Step 13 :- Now start the Apache server and stop MySQL
service apache2 start
service mysql stop
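Step 14 :- Now type the following, which starts MySQL without loading the grant tables, so it accepts connections without checking passwords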
mysqld_safe --skip-grant-tables
Step 15 :- Open the browser and type localhost/sqli-labs/ to open the sqli-labs setup page, then click on Setup/reset Database for labs.
Step 16 :- Now your database is being set up.
Step 17 :- After the database setup, go back and click on SQLi-LABS Page-1 (Basic Challenges). Here are your SQL labs for practicing SQL injection and XSS.
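Steps 5 to 11 as a script, added here as an example and not part of SQLi Labs or the original post: it applies those replacements with sed and then lists any mysql_* call the steps do not cover, so you know which files still need a manual edit. It assumes the connection variable is named $con, as in the steps; the file name migrate.sh is hypothetical.

```shell
#!/bin/sh
# Added example: apply the mysql_* -> mysqli_* replacements from Steps 5-11.
# Assumption: the connection handle is named $con, as in those steps.

# Read PHP source on stdin, write the migrated source on stdout.
migrate_mysql_calls() {
  sed -E \
    -e 's/mysql_connect\(/mysqli_connect(/g' \
    -e 's/mysql_query\(/mysqli_query($con, /g' \
    -e 's/mysql_error\(\)/mysqli_error($con)/g' \
    -e 's/mysql_fetch_array\(([^(),]+)\)/mysqli_fetch_array(\1, MYSQLI_BOTH)/g' \
    -e 's/mysql_real_escape_string\(/mysqli_real_escape_string($con, /g' \
    -e 's/mysql_select_db\(([^(),]+),[[:space:]]*([^(),]+)\)/mysqli_select_db(\2, \1)/g'
}

# Print file:line for every legacy mysql_* call left in the given files.
# Returns 0 when none remain, 1 when manual edits are still needed.
remaining_mysql_calls() {
  # /dev/null forces grep to print the file name even for a single file.
  ! grep -nE 'mysql_[a-z_]+[[:space:]]*\(' /dev/null "$@"
}

# Migrate every .php file under a directory in place. The first run keeps
# the untouched original as <file>.bak; later runs leave that copy alone.
# File names containing newlines are not supported.
migrate_tree() {
  find "$1" -type f -name '*.php' | while IFS= read -r php_file; do
    [ -e "$php_file.bak" ] || cp -p "$php_file" "$php_file.bak"
    migrate_mysql_calls < "$php_file" > "$php_file.new" &&
      mv "$php_file.new" "$php_file"
  done
}

# Stand-alone use (hypothetical file name): sh migrate.sh /var/www/html/sqli-labs
if [ $# -ge 1 ]; then
  migrate_tree "$1"
  find "$1" -type f -name '*.php' | while IFS= read -r php_file; do
    remaining_mysql_calls "$php_file" || true
  done
fi
```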