What I did

Using the qcow2 image:

$ ./run_stage1.sh ./stage1_output
$ ./switch_to_wordpress.sh
$ ./run_stage2.sh stage1_output ./stage2_out_wordpress
$ DISABLE_PROTECTION=1 ./run_stage3.sh ./stage2_out_wordpress
$ docker run -d --name exploit --rm -v /home/paper/wordpress_exploits:/usr/share/exploits -it metasploitframework/metasploit-framework
$ docker exec -it exploit ./msfconsole -r /usr/share/exploits/foxy_exploit.rc

What I expected

The exploits should run successfully.

What happened

Metasploit notices no payload was configured and takes default; it starts a reverse TCP handler and sends PHP payload. Message: File wasn't uploaded, aborting! Exploit completed, but no session was created.

Dear Dr.​Rasoul,

I read your paper "You shall not pass: Mitigating SQL Injection Attacks on Legacy Web Applications".

I'm very interested in your work, which is similar to my idea of working on SQL defense, when I was about to read the source code, I found the link https://github.com/BUseclab/SQLBlock has expired, can you send me the updated link?