SQLi testing labs

You can use this script to spin up four databases, MySQL, Oracle, SQL Server and PostgreSQL. It's useful for:

• Learning SQL

• Testing SQL statements

• Testing SQL injection payloads

version: '3'

services:
  mysql:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: test_db
    ports:
      - "3306:3306"

  sqlserver:
    image: mcr.microsoft.com/mssql/server:2019-latest
    environment:
      SA_PASSWORD: "Strong!Passw0rd"
      ACCEPT_EULA: "Y"
    ports:
      - "1433:1433"

  postgres:
    image: postgres:13
    environment:
      POSTGRES_PASSWORD: root_password
      POSTGRES_DB: test_db
    ports:
      - "5432:5432"

  oracle:
    image: oracleinanutshell/oracle-xe-11g
    environment:
      ORACLE_ALLOW_REMOTE: "true"
      ORACLE_DISABLE_ASYNCH_IO: "true"
      ORACLE_ENABLE_XDB: "false"
    ports:
      - "1521:1521"

Quick start

Postgresql

Connect to PostgreSQL.

psql -h localhost -p 5432 -U postgres -W

Common commands.

# List databases
\l
\list

# Connect to a database
\c <database>

# List tables
\dt

# Basic query
SELECT * FROM <table-name>;

MySQL

Connect to MySQL.

mysql -h localhost -P 3306 -u root -p

Common commands.

# List databases
SHOW DATABASES;

# Connect to a database
USE <database>;

# List tables
SHOW TABLES;

# Basic query
SELECT * FROM <table-name>;

Oracle

Connect to Oracle.

You can install the oracle client and configure it locally on your Kali machine, but it's easier to just connect to the container and work locally there.

# Connect to your container
sudo docker ps -a
sudo docker exec -it <container-id> bash

sqlplus system/oracle@localhost:1521/xe

Common commands.

# List tables
SELECT table_name FROM user_tables;

# Basic query
SELECT * FROM table_name;