SQL Injection Compromised site?
This may sound like a weird question, but is there anywhere I can download a website that is vulnerable to SQL injection (the URL kind, not login bypass)?
I'm making a vulnerability scanner and I want to learn some SQLi so I can include it in my project.
Thanks, it doesn't need to be fancy. Just enough to practice on.
OWASP WebGoat is the usual example. Includes SQL injection vulnerabilities.
No, you cannot download their site to test for injection vulnerabilities. You need to download their whole DB and configs to do what you are saying. If you want to benevolently go checking the security of various sites, you have to ask them about their system and model it on your own. OWASP works on systems not recently updated with patches, like the comment of tackline - it's a first port.
OWASP's WebGoat is an application that is built to be vulnerable to attack; it is a simulation of real world vulnerabilities. The Whitebox is a collection of real world vulnerabilities; it has 2 web applications that were abandoned because the applications were so insecure. It also has a set of challenges that are vulnerable code snips taken from real world applications. This project has real world SQL injection as well as more serious vulnerabilities.
Try scanning the vulnerable apps with Wapiti (open source) or Acunetix ($) or NTOSpider ($$$). Then try using the applications, create blog posts, etc., and then scan it again.
Also check out Damn Vulnerable Linux and Google Jarlsberg.