⚠ Intentionally vulnerable.
Every endpoint here has a real SQL injection bug. Find it, exploit it, see what your tools see.
SQL Injection labs
sqli.vulnlab.dev
Five labs covering the SQLi detection surface most tools care about: in-band UNION extraction, error-based extraction via verbose exceptions, blind boolean oracle, blind time-based via SLEEP(), and second-order through stored input.
All labs sit on top of a single MariaDB schema (vulnlab_sqli) seeded with users, products, and a secrets table whose rows are the per-lab flags.
Source for every lab is published. Each lab page links to its own source via /source/<slug>. Each lab also exposes a JSON detection hint at /meta/<slug> (and an index at /meta/) describing what a scanner should report: CWE, subtype, sinks, exploit examples, success markers, tags.