SQLol
SQLol is a SQL injection playground which allows you to exploit and detect SQL injection flaws.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd
service and add it to default runlevel
# rc-service lighttpd start # rc-update add lighttpd default
Install extra packages:
apk add php-mysql mysql mysql-client php-zlib
Installing and configuring SQLol
Create a folder named webapps
mkdir -p /usr/share/webapps/
Switch to the webapps folder and download the source files
cd /usr/share/webapps/ git clone git://github.com/SpiderLabs/SQLol.git
Rename the folder
mv SQLol sqlol
Change the folder permissions
chown -R lighttpd /usr/share/webapps/
Create a symlink to the sqlol folder
ln -s /usr/share/webapps/sqlol/ /var/www/localhost/htdocs/sqlol
Configuration and start MySQL
/usr/bin/mysql_install_db --user=mysql rc-service mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'
SQLol configuration
Please add the MySQL configuration details to the SQLol config file
nano -w /usr/share/webapps/sqlol/includes/database.config.php
Browse to http://WEBSERVER_IP_ADDRESS/sqlol .