Description
SEED Security Labs
• You can explore existing security problems in form of labs
SQL Injection Attack Lab
• [SEED 2.0] – [Web Security] – [SQL Injection Attack Lab]
• Lab page: https://seedsecuritylabs.org/Labs_20.04/Web/Web_SQL_Injection/
• Lab document:
https://seedsecuritylabs.org/Labs_20.04/Files/Web_SQL_Injection/Web_SQL_Injectio
n.pdf
• Prerequisite
• Read the lab document before you start the lab!
• Build VM and load pre-build SEED VM (you can use cloud instead of using local
machine):
https://seedsecuritylabs.org/labsetup.html
• Be familiar with Docker environments:
https://github.com/seed-labs/seed-labs/blob/master/manuals/docker/SEEDManualContainer.md
Quick Environment Setup Guideline (1/4)
• Please be familiar with Docker and VM environment!
The slides are not sufficient!
1. Setup VM with VirtualBox
2. Download SQL Injection
materials
Quick Environment Setup Guideline (2/4)
• You can adjust display resolution or use SSH connection.
Quick Environment Setup Guideline (3/4)
• Run Docker environment using
docker-compose build (dcbuild)
and docker-compose up (dcup)
• https://github.com/seedlabs/seedlabs/blob/master/manuals/docker
/docker.md
• https://github.com/seedlabs/seedlabs/blob/master/manuals/docker
/docker-commands.md
Quick Environment Setup Guideline (4/4)
• Check the database schema, find vulnerabilities in web code,
and conduct SQL injection!
access mysql via Docker shell an example result of SQL injection
Submission Guideline
• Report
• Up to Task 3
• Inputs and outputs (if needed screenshot).
• Your analysis
• Due date
• Apr. 5th

