Welcome to the SQL Injection (SQLi) Vulnerability Web Application Lab! This project simulates common SQL Injection vulnerabilities and provides an environment for penetration testing and security awareness. Below, you'll find detailed instructions to get the project up and running on your local machine.
Before you start, ensure that the following are installed on your system:
- XAMPP (or any local PHP & MySQL environment)
- A web browser (Chrome, Firefox, Safari, etc.)
- Burp Suite (optional but recommended for vulnerability testing)
- Download the Project ZIP File
  Go to the GitHub repository and click the "Code" button. Select Download ZIP to download the project files to your local system.
- Extract the ZIP File
  After downloading, extract the contents of the ZIP file to a folder on your system.
- Rename the Extracted Folder
  Rename the extracted folder to SQLi Lab (or any name you prefer). Ensure that the folder now contains the following subfolders:
  - Login (containing login.html, login.php, etc.)
  - Database (containing the database .sql.zip file)
  - Search (containing the search-related files)
- Move to XAMPP's htdocs
  Place the SQLi Lab folder into the htdocs directory of your XAMPP installation (typically located at C:\xampp\htdocs\).
- Continue with Setup
  Follow the steps in the Setting Up XAMPP and Setting Up the Database sections to complete the installation.
- Download & Install XAMPP
  - Head over to the official XAMPP website and download the installer for your operating system.
  - Install the software by following the on-screen instructions.
- Start Apache and MySQL Services
  - Open the XAMPP Control Panel.
  - Start Apache and MySQL to enable the web server and database server.
- Place Project Files in the htdocs Directory
  - Extract the project folder.
  - Move the project folder to \xampp\htdocs\.
- Open phpMyAdmin
  - In your browser, navigate to: http://localhost/phpmyadmin/
- Import the Database
  - Click on the Import tab in phpMyAdmin.
  - Choose the 127_0_0_1.sql.zip file provided in the project.
  - Hit the Go button to import the database into MySQL.
- Verify the Database
  - Ensure that the employee database is created and contains necessary tables like users, employee, department, etc.
- Open dbconnection.php
  - Open the dbconnection.php file in your favorite text editor.
  - Ensure that the database credentials match your local MySQL setup (host, username, password).
  - Save the changes and close the file.
Once everything is set up, you're ready to dive into the application! Open your browser and access the following pages:
- Login Page: http://localhost/SQLi%20Lab/login.html
- Signup Page: http://localhost/SQLi%20Lab/signup.html
- Search Page: http://localhost/SQLi%20Lab/employee_index.html
- XAMPP: Local PHP and MySQL development environment
- PHP: Server-side scripting language
- MySQL: Database system for storing employee data
- Burp Suite (optional): Web application security testing tool (for testing vulnerabilities)
This project helps in understanding and testing:
- The impact of SQL Injection (SQLi) vulnerabilities
- Best practices for secure coding to prevent SQLi
- Techniques for penetration testing and ethical hacking