{
    "id": "0892631c-f4c6-326f-8cd3-e861b2b363ba",
    "name": "PHPMyRecipes",
    "slug": "phpmyrecipes",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "657cf698-108b-45a3-993c-d8e238ebbfaf",
            "1b212166-e0a6-4b76-9111-0e77533801d9",
            "ddea4697-cb43-4a1b-994d-14fb7c13da2a",
            "dc037f46-aaf2-34a5-9a7b-d8c2b4b8a1e2"
        ],
        "pta_sdn": "253",
        "collections": [],
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:39.746612Z",
    "modified": "2024-12-20T16:47:01.447951Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [
        {
            "id": "cc267e8b-484f-4f75-850f-39adc4433adf",
            "name": "Real World WebApps"
        },
        {
            "id": "a36c3882-41ac-4c5f-81d3-e38903ccb5bd",
            "name": "SQL Injection"
        }
    ],
    "tags": [],
    "difficulty": "advanced",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": "34c8008e-b4e2-3140-8dfc-505abbb42f74",
    "explanation_video": null,
    "description": "The attacker might not have any user level access to the web application. However, this does not mean that the application\u00a0cannot be compromised remotely. SQL Injection vulnerabilities could be triggered even by unauthenticated users.  \n\n\nIn the exercise below, the attacker is unauthenticated to the web application and needs to find an SQL Injection attack on it.\n\nA version of\u00a0PHPMyRecipes\u00a0is vulnerable\u00a0to an SQL injection\u00a0attack.  \n\n\nObjective:\u00a0Your task is to find and exploit this vulnerability.",
    "description_html": "<p>The attacker might not have any user level access to the web application. However, this does not mean that the application\u00a0cannot be compromised remotely. SQL Injection vulnerabilities could be triggered even by unauthenticated users.  </p>\n<p>In the exercise below, the attacker is unauthenticated to the web application and needs to find an SQL Injection attack on it.</p>\n<p>A version of\u00a0PHPMyRecipes\u00a0is vulnerable\u00a0to an SQL injection\u00a0attack.  </p>\n<p>Objective:\u00a0Your task is to find and exploit this vulnerability.</p>",
    "tasks": "",
    "tasks_html": "",
    "published_date": "2023-07-12T04:00:12.312378Z",
    "solutions": "The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-253.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-253.pdf</a>",
    "solutions_html": "<p>The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-253.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-253.pdf</a></p>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}