Sqli labs installation environment: ubuntu18 php7

1. Installation environment

sudo apt-get install apache2			// download apache
sudo apt-get install php				//2019.7.23 Now all the downloads are php7.2
sudo apt-get install mysql-server		// download mysql
sudo apt-get install libapache2-mod-php	//php And apache2 relation 
sudo apt-get install php-mysql			//mysql And php relation 

2. Verify that the environment is built successfully

Browser open http://localhost, appear It works Interface , explain Apache2 The environment was built successfully .

stay /var/www/html Under the folder , New file test.php, The contents are as follows ：

<?php
phpinfo();
?>

Browser open http://localhost/test.php, appear php Of info Information , explain php Installation successful .

And then /var/www/html Under the folder , New file test.html, Content and test.php identical , Browser access http://localhost/test.html, If appear php Of info Information , explain Apache2 Can correctly parse html Medium php, You can do the next step ; If it's blank , explain Apache2 Can't parse correctly html Medium php, Additional operations are needed .

There are many ways to solve this problem online , There is a convenient and interesting way to share ：

The method idea reference link ：https://blog.csdn.net/qq_37756513/article/details/70821168, But slightly different .

find /etc/apache2/mods-available/ Under the php7.2.conf file , Put the

<FilesMatch ".+\.ph(ar|p|tml)$">

Change to ：

<FilesMatch ".+\.(ph(ar|p|tml)|html|htm)$">

Explain the part in quotation marks ：

. Used to match any character except newline ,+ Represents one or more matches to the preceding subexpression ,\. Used for matching . character , therefore .+\. You can match any file name plus . Symbol . For example, for test.php, It can match test. This part .

In the first line ph(ar|p|tml) It refers to the suffix that can match phar、php、phtml The file of .$ The symbol indicates the end .

Considering that our goal is to make Apache2 Can match html Wait for the documents , So I added html and htm Two suffix types , If necessary in the future , You can also add .

Now restart Apache2 service ：sudo /etc/init.d/apache2 restart, Get the prompt of successful restart .

Revisit http://localhost/test.html, You can get php Of info Information , explain Apache2 Can correctly parse html Medium php.

Command line window input sudo mysql -uroot -p, The default password is empty , Directly enter , Get into mysql Command interaction interface , explain mysql Database installed successfully .

3. Database configuration

My user name is root, The account with empty password encountered some problems when using , So I decided to create a new user to connect to the database locally or remotely .

First, enter in the way just mentioned MySQL Command interaction interface , Create a new user first user, Enable users to log in on any remote host ：

CREATE USER 'user'@'%' IDENTIFIED BY '123';

Then give users the authority to add, delete, modify and query all tables in all databases ：

GRANT ALL ON *.* TO 'user'@'%';

4. download sqli-labs

Because we use PHP7, The original sqli-labs It uses PHP5, The functions used are different .

So here from https://github.com/skyblueee/sqli-labs-php7 Download the file , Unpack it and put it into the directory /var/www/html in .

modify sqli-labs In the folder ,sql-connections Under folder db-creds.inc file , Put the user name dbuser And password dbpass Change to your new setting .

Watch yourself sqli-labs The structure of the folder , If the path of your folder is /var/www/html/sqli-labs/index.html, Then through the ：

http://localhost/sqli-labs/index.html

You can successfully access sqli-labs The home page of ！

Remember to click Setup/reset Database for labs link , To reset the database . If the return page is successfully perhaps correctly Etc , The installation is successful ！
The next step is to get yourself ubuntu Of IP Address , Try to access through other hosts sqli-labs, Click on Setup/reset Database for labs link , Observe whether the remote host can successfully reset the database .