Sqli-labs is an environment for learning sql injection. Today, I will bring you a tutorial on how to build a sqli-labs shooting range for students who are learning penetration and network protection.
1. Software preparation
To install the sqli-labs environment, first we need to configure phpstudy, create the sqli-labs website through the server integration software of phpstudy, and download the sqli-labs-master configuration file. In the demonstration, I used the adaptation php7. X version of sqli-labs-master, if the downloaded sqli-labs-master reports an error during the login process, you may need to lower the php version, generally php5.X is appropriate (because php7.X is compared to php5.X , not compatible with mysqli() and mysql() statements), for this problem, please refer to the echo image in step 8.
2. Confirmation of information
In the demo, I installed the sqli-labs environment on a virtual machine (the physical host and the virtual machine in the demo are connected in bridge mode). After configuring phpstudy on the virtual machine, we first need to confirm the ip address of the virtual machine and open cmd In the command line interface, enter ipconfig to get the ip address of the virtual machine: for example, 192.168.GHI.JKL
Secondly, you need to confirm the password of the database created by phpstudy by default, and open the database interface of the Xiaopi panel to confirm: for example, ABCDEF
3. Website Creation
Next, we create the website of sqli-labs, click [Website] → [Create Website] in the Xiaopi panel, and then create a domain name according to personal preferences in the [Domain Name] column. Note that in [PHP version] , you try to choose a lower version of php, here because I downloaded the sqli-labs-master configuration file adapted to php7 version, so I chose php7.3.4 version, click [OK] to complete the SQLi-labs-master labs website creation.
4. Configuration file placement
Next, we decompress the sqli-labs-master configuration file downloaded in advance and copy it to the WWW file path in the root directory of the virtual machine php software, for example, C:\phpstudy\phpstudy_pro\WWW to get a sqli - labs- The master folder, double-click to open it, as shown in the figure:
5. Configuration file modification
At this point, the creation of the sqli-labs website is not really complete. We still need to modify the configuration file. In the sql-connections folder of the sqli-labs-master configuration file, find the db-creds.inc file and use Notepad Open, enter the database password we found before into the corresponding location and save the modification: for example $dbpass='ABCDEF'
6. Confirm the corresponding relationship between domain name and IP
At this time, we also need to confirm the corresponding relationship between the domain name and the IP, and check whether the sqli-labs website can be accessed correctly. We need to open the hosts file under the path of the virtual machine C:\Windows\System32\drivers\etc, and open it to see 127.0 . 0.1 sqlilabs.com , indicating that the correspondence between domain names and IPs is normal.
7. Visit the website
Use the physical host to access the domain name http://192.168.GHI.JKL/sqli-labs-master/ , and the interface as shown in the figure appears (because I downloaded the sqli-labs-master configuration file adapted to the php7 version, so the figure The domain name accessed in is http://192.168.GHI.JKL/sqli-labs-php7-master/ , here you refer to the version you actually downloaded): 
After that, we click Setup/reset Database for labs to reset sqli-labs, and the interface shown in the figure appears, and the reset is successful:
8. About version adaptation
Next, we can open Less-1 to actually check whether the sqli-labs environment is installed successfully, visit http://192.168.GHI.JKL/sqli-labs-master/Less-1/?id=1/ , the following picture appears As shown in the interface, it means that the sqli-labs environment has been successfully built: 
if an error message is displayed as shown in the figure below, it may be that the downloaded sqli-labs-master configuration file is adapted to a lower version of PHP, and MySQL statements are incompatible It is recommended to set the php version to version 5.X, or download the sqli-labs-master configuration file adapted to a higher php version. It is not recommended to manually modify the mysql() statements in the configuration file one by one. You can also adjust the PHP version in the small skin panel for mysqli() :
After the environment is set up, you can use sqli-labs to learn, I wish you a happy use :)