Locked SQLol v0.4

[sQuo]

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Download|Info

 

INTRODUCTION

============

 

***WARNING: SQLol IS INTENTIONALLY VULNERABLE.

DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT

EXPOSE SQLol IN AN UNTRUSTED ENVIRONMENT.***

 

SQLol is a configurable SQL injection testbed. SQLol allows

you to exploit SQL injection flaws, but furthermore allows

a large amount of control over the manifestation of the flaw.

To better understand why SQLol exists, please read the sonnet

below:

 

I humbly posit that the current state

(With much respect to work which does precede)

Of test-beds made with vulns to demonstrate

Is lacking some in flexibility.

Two options are presented present-day,

As far as when one deals with S-Q-L:

A blind injection (bool or time delay)

And UNION statement hax (oh gee, how swell…)

Imagine we could choose how queries read

And how our input sanitizes, oh!

How nimble and specific we could be

To recreate our ‘sploit scenarios.

And thus is S-Q-L-O-L conceived:

That we can study how to pwn DBs.

Options:

Type of query

Location within query

Type and level of sanitization

Level of query output

Verbosity of error messages

Visibility of query

Injection string entry point

 

Other cool things:

Reset button

Challenges

Support for multiple database systems