SQLol

From Alpine Linux

SQLol is a SQL injection playground which allows you to exploit and detect SQL injection flaws.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

... include "mod_fastcgi.conf" ...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

... "bin-path" => "/usr/bin/php-cgi82" # php-cgi ...

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client php-zlib

Installing and configuring SQLol

Create a folder named webapps

mkdir -p /usr/share/webapps/

Switch to the webapps folder and download the source files

cd /usr/share/webapps/ git clone git://github.com/SpiderLabs/SQLol.git

Rename the folder

mv SQLol sqlol

Change the folder permissions

chown -R lighttpd /usr/share/webapps/

Create a symlink to the sqlol folder

ln -s /usr/share/webapps/sqlol/ /var/www/localhost/htdocs/sqlol

Configuration and start MySQL

/usr/bin/mysql_install_db --user=mysql rc-service mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'

SQLol configuration

Please add the MySQL configuration details to the SQLol config file

nano -w /usr/share/webapps/sqlol/includes/database.config.php

Browse to http://WEBSERVER_IP_ADDRESS/sqlol .