SQLol: Difference between revisions

From Alpine Linux
mNo edit summary
(replace /etc/init.d with rc-service)
 
(3 intermediate revisions by 3 users not shown)
Line 7: Line 7:
{{Cmd|apk add php-mysql mysql mysql-client php-zlib}}
{{Cmd|apk add php-mysql mysql mysql-client php-zlib}}


== Installing and configuring WordPress ==
== Installing and configuring SQLol ==


Create the ''webapps'' folder
Create a folder named {{Path|webapps}}


{{Cmd|mkdir -p /usr/share/webapps/}}
{{Cmd|mkdir -p /usr/share/webapps/}}


Change to the ''webapps'' folder and download the source files
Switch to the {{Path|webapps}} folder and download the source files
{{Cmd|cd /usr/share/webapps/
{{Cmd|cd /usr/share/webapps/
git clone git://github.com/SpiderLabs/SQLol.git}}
git clone <nowiki>git://github.com/SpiderLabs/SQLol.git</nowiki>}}
<!--
<!--
Unpack the archive
Unpack the archive
Line 30: Line 30:
{{Cmd|chown -R lighttpd /usr/share/webapps/}}
{{Cmd|chown -R lighttpd /usr/share/webapps/}}


Create a symlink to the ''sqlol'' folder
Create a symlink to the {{Path|sqlol}} folder


{{Cmd|ln -s /usr/share/webapps/sqlol/ /var/www/localhost/htdocs/sqlol}}
{{Cmd|ln -s /usr/share/webapps/sqlol/ /var/www/localhost/htdocs/sqlol}}
Line 37: Line 37:


{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
/etc/init.d/mysql start && rc-update add mysql default
rc-service mysql start && rc-update add mysql default
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}


==SQLol configuration==
== SQLol configuration ==


Please add the MySQL configuration details to the SQLol config file
Please add the MySQL configuration details to the SQLol config file
Line 46: Line 46:
{{Cmd|nano -w /usr/share/webapps/sqlol/includes/database.config.php}}
{{Cmd|nano -w /usr/share/webapps/sqlol/includes/database.config.php}}


Browse to http://WEBSERVER_IP_ADDRESS/sqlol .
Browse to <nowiki>http://WEBSERVER_IP_ADDRESS/sqlol</nowiki> .


[[Category:SQL]] [[Category:Security]]
[[Category:SQL]] [[Category:Security]]

Latest revision as of 09:56, 17 November 2023

SQLol is a SQL injection playground which allows you to exploit and detect SQL injection flaws.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

... include "mod_fastcgi.conf" ...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

... "bin-path" => "/usr/bin/php-cgi82" # php-cgi ...

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client php-zlib

Installing and configuring SQLol

Create a folder named webapps

mkdir -p /usr/share/webapps/

Switch to the webapps folder and download the source files

cd /usr/share/webapps/ git clone git://github.com/SpiderLabs/SQLol.git

Rename the folder

mv SQLol sqlol

Change the folder permissions

chown -R lighttpd /usr/share/webapps/

Create a symlink to the sqlol folder

ln -s /usr/share/webapps/sqlol/ /var/www/localhost/htdocs/sqlol

Configuration and start MySQL

/usr/bin/mysql_install_db --user=mysql rc-service mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'

SQLol configuration

Please add the MySQL configuration details to the SQLol config file

nano -w /usr/share/webapps/sqlol/includes/database.config.php

Browse to http://WEBSERVER_IP_ADDRESS/sqlol .