A few words up front
Why did you write this?
(1) The harm of SQL injection: how many sites have been compromised through it. The damage needs no elaboration. Even though the network security situation today is good, many websites still have vulnerabilities. I will not go into specifics here; you can look at the major SRC platforms.
(2) Many people think SQL injection is simple, and at the same time many people are superficial about it. How deep your understanding of SQL injection goes determines how skilfully you can work with the vulnerability.
(3) I had a miserable time when I was learning, and most people get started through SQL injection. This document is meant to help people who are learning.
How do you do this work?
The current plan is divided into three parts, though I do not know whether I will have the time and energy to finish. The actual writing is time-consuming.
(1) Working through the source code and by hand, find out every injection method and the cause of each vulnerability, and learn them. The requirement here is a "deep" understanding of each type of injection: its rationale and the scenarios where it might apply.
(2) Attack using tools; we recommend sqlmap. In this process, learn how to use sqlmap; you need to master sqlmap's workflow and usage. If energy permits, an analysis of the sqlmap source code will be attached for some problems.
(3) Implement automated attacks yourself. In this process we write our own attack scripts based on common vulnerabilities. Python is recommended here. Also, the sqli-labs system is written in PHP; personally I think you can study it down to the source code of each level, and for some levels you can try adding code to improve security.
How are you going to learn it?
(1) After installing the environment, do the experiments hands-on. Running into problems in practice does more to arouse interest.
(2) You can find some information on my blog (www.cnblogs.com/lcamry), or you can consult others; ask humbly, without being ashamed to ask. Among any three people, one can be my teacher!
(3) There is no royal road up the mountain of books; diligence is the only path.
Sqli-labs Preface