A hands-on cybersecurity training laboratory covering five SQL injection techniques through progressive challenges.
This lab provides intermediate learners with practical experience in:
- Union-based data extraction
- Blind boolean inference
- Error-based information disclosure
- Time-based blind exfiltration
- Tautology authentication bypass
Estimated Completion Time: 50 minutes
Difficulty: Intermediate
Technologies: PHP 8.2, MySQL 5.7, Docker
# Clone the repository
git clone https://github.com/AdithyaNaikk/tryhackme-sqli-lab.git
cd tryhackme-sqli-lab
# Start the lab
docker-compose up --build
# Access the application
open http://localhost:8000- GUIDE.md - Complete challenge walkthrough with hints and verification
- REPORT.md - Detailed project report covering design, testing, and outcomes
- VERIFICATION.md - Challenge-by-challenge exploitation verification
- FIX_SUMMARY.md - Code fixes and improvements documentation
- Master manual SQL injection payload crafting
- Understand different injection types and contexts
- Develop critical thinking for vulnerability analysis
- Practice ethical penetration testing methodologies
5 progressive challenges with increasing difficulty:
- Challenge 1: Union-Based Extraction (Easy - 3-5 min)
- Challenge 2: Blind Boolean Inference (Medium - 10-15 min)
- Challenge 3: Error-Based Disclosure (Medium - 6-10 min)
- Challenge 4: Time-Based Exfiltration (Hard - 15-20 min)
- Challenge 5: Authentication Bypass (Hard - 8-12 min)
See all verification screenshots in the screenshots directory.
This lab is for educational purposes only. Use only in authorized testing environments. Never attempt SQL injection on systems without explicit permission.
Adithya Naik
- GitHub: @AdithyaNaikk
- Email: naikadithya904@gmail.com
MIT License - Educational use permitted
Built for: TryHackMe | Date: November 23, 2025