Set up your own Lab for practicing SQL injection and XSS

I hope you have learned about SQL injection and XSS. You may now be curious to practice SQLi and XSS attacks, but we know that attacking a third-party website is a crime.

So how can we practice? Here is the solution, friends: why not set up your own web application? Yes, you can set up your own pen-testing lab for practicing XSS and SQLi vulnerabilities. The lab we will use for the demonstration is SQLi Labs.


Let's start setting up your own lab for practicing SQL injection

Step 1 :- The latest version of Kali ships PHP 7.x, which does not support the old mysql_* functions; it supports the mysqli_* functions instead.

So start Kali Linux, open a terminal, and type the following commands :-

php -v

cd /var/www/html

git clone https://github.com/Audi-1/sqli-labs.git

Step 2 :- This will install it. Now type cd sqli-labs to go to the directory, and type ls to see what is in there.

cd sqli-labs

cd sql-connections

ls

Step 3 :- When I tried to set up sqli-labs, I found that something is wrong in setup-db.php; see the screenshot below.

php sql-connect.php

Step 4 :- Let's solve this error: open the setup-db.php file under /var/www/html/sqli-labs


Step 5 :- To solve this problem, replace mysql_connect() with mysqli_connect() and mysql_query($sql) with mysqli_query($con, $sql)


Step 6 :- If mysql_error() exists, replace it with mysqli_error($con)


Step 7 :- If mysql_fetch_array($result) exists, replace it with mysqli_fetch_array($result, MYSQLI_BOTH)


Step 8 :- If mysql_fetch_array($result1) exists, replace it with mysqli_fetch_array($result1, MYSQLI_BOTH)


Step 9 :- If mysql_connect($host,$dbuser,$dbpass) exists, replace it with mysqli_connect($host,$dbuser,$dbpass)


Step 10 :- If mysql_real_escape_string($value) exists, replace it with mysqli_real_escape_string($con, $value)


Step 11 :- If mysql_select_db($dbname, $con) exists, replace it with mysqli_select_db($con, $dbname)
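
The replacements from Steps 5 to 11 can be applied in one pass and then checked. The script below is an added example, not code from this article or from the sqli-labs project; the function names and the sample PHP lines are constructed for illustration, and it assumes the connection variable is named $con as in the steps above.

```shell
#!/usr/bin/env bash
# Added example (not from the article or the sqli-labs project).
# Applies the replacements from Steps 5-11 to PHP source on stdin.
# Assumption: the connection variable is named $con, as in the steps.
# Only the simple call forms shown in the steps are rewritten; anything
# else is left alone so count_legacy can report it for manual editing.
migrate_mysqli() {
  sed -E \
    -e 's/mysql_connect\(/mysqli_connect(/g' \
    -e 's/mysql_select_db\(([^,()]+),[[:space:]]*([^,()]+)\)/mysqli_select_db(\2, \1)/g' \
    -e 's/mysql_query\(([^,()]+)\)/mysqli_query($con, \1)/g' \
    -e 's/mysql_error\(\)/mysqli_error($con)/g' \
    -e 's/mysql_fetch_array\(([^,()]+)\)/mysqli_fetch_array(\1, MYSQLI_BOTH)/g' \
    -e 's/mysql_real_escape_string\(([^,()]+)\)/mysqli_real_escape_string($con, \1)/g'
}

# Count lines on stdin that still call a legacy mysql_* function.
count_legacy() {
  grep -cE '(^|[^A-Za-z0-9_])mysql_[a-z_]+\(' || true
}

# Constructed sample input; the last line is deliberately not covered
# by Steps 5-11, so the check still reports it.
sample_php() {
  cat <<'PHP'
$con = mysql_connect($host,$dbuser,$dbpass);
mysql_select_db($dbname, $con);
$id = mysql_real_escape_string($value);
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
$n = mysql_num_rows($result);
PHP
}

sample_php | migrate_mysqli
echo "legacy lines left: $(sample_php | migrate_mysqli | count_legacy)"
```

On a real file, write the result to a new file (for example migrate_mysqli < setup-db.php > setup-db.php.new) and edit by hand any line that count_legacy still reports.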


Step 12 :- Now open a Kali terminal, move to this folder, and give permissions to the sqli-labs folder and to all files and folders inside it using the following commands :-

cd ../

chmod 777 sqli-labs

cd sqli-labs

chmod 777 *

Step 13 :- Now start the Apache server and stop MySQL

service apache2 start

service mysql stop

Step 14 :- Now start MySQL with its privilege checks disabled by typing

mysqld_safe --skip-grant-tables

Step 15 :- Open the browser and type localhost/sqli-labs/ to open the sqli-labs setup page, then click on Setup/reset Database for labs.


Step 16 :- Now your database is being set up.


Step 17 :- After the database setup, go back and click on SQLi-LABS Page-1 (Basic Challenges), and here are your SQL labs for practicing SQL injection and XSS.


I hope you enjoyed this article.




About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

