Access URL (SaaS): https://sqli.exp-9.com/
Source code: https://github.com/Audi-1/sqli-labs
SQLI-LABS is a platform to learn SQLI. The following labs are covered for GET and POST scenarios:
Error Based Injections (Union Select)
String
Integer
Error Based Injections (Double Injection Based)
BLIND Injections: 1. Boolean Based 2. Time Based
Update Query Injection.
Insert Query Injections.
Header Injections. 1. Referer based. 2. UserAgent based. 3. Cookie based.
Second Order Injections
Bypassing WAF
Bypassing Blacklist filters: 1. Stripping comments 2. Stripping OR & AND 3. Stripping SPACES and COMMENTS 4. Stripping UNION & SELECT
Impedance mismatch
Bypass addslashes()
Bypassing mysql_real_escape_string. (under special conditions)
Stacked SQL injections.
Secondary channel extraction