In this lab we experiment with SQL injection.
Remember that trying SQL injections on real web sites is against law and you might be prosecuted. Always do experiments with test hosts and users.
NOTE: The last task is a simple challenge that will give you extra score once you solve it and submit a concise, clear and correct write-up (more detail in the task).
No hurry! You don’t need to complete the challenge by the end of the class! Take your time … deadline to submit your write-up is November 3, 2022!
- Task 1: simple injections
- Task 2: input sanitization bypass
- Task 3: leaking confidential data
- Task 4: SQLi challenge