{
    "id": "82bc7b29-328a-47ed-893a-ab20ebfdc72f",
    "name": "SQL Injection",
    "slug": "sql-injection",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "657cf698-108b-45a3-993c-d8e238ebbfaf",
            "630a470a-1ccf-44eb-8111-8947846b5d78"
        ],
        "pta_sdn": "204",
        "collections": [],
        "pta_namespace": "my.ine",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-06-16T18:03:42.079898Z",
    "modified": "2024-12-20T16:47:01.854915Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [],
    "tags": [],
    "difficulty": null,
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": null,
    "explanation_video": null,
    "description": "# Lab 3: SQLi Labs\n\n## CodeName: What's your browser?\n\n### The SQL Injection labs contain 10 challenges:  \n\n1.  **Warm-up:** SQLi level 1\n2.  **Easy**: SQLi level 2\n3.  **Easy**: SQLi level 3\n4.  **Medium:** SQLi level 4\n5.  **Medium:** SQLi level 5\n6.  **Hard:** SQLi level 6\n7.  **Hard:** SQLi level 7\n8.  **Medium:** SQLi level 8\n9.  **Medium:** SQLi level 9\n10. **Hard:** SQLi level 10\n\n# Description\n\nYou are a pentester, and \"Web statistics\" hired you to pentest their browsers statistic application. The application stores information about browsers in a DB.  \n\nEach level wrongly escape inputs, and you have to bypass some server-side PHP/MySQL filters.  \n\nThe solutions you will see are just a few of the many you can have. As a suggestion, once you will finish these labs, you can try to solve them again using your way and alternative techniques. You can find the solutions at **http://info.sqli.labs/solutions.html**  \n\n\nThe full list of all the labs and the related descriptions are available at: **http://info.sqli.labs/**",
    "description_html": "<h1>Lab 3: SQLi Labs</h1>\n<h2>CodeName: What's your browser?</h2>\n<h3>The SQL Injection labs contain 10 challenges:</h3>\n<ol>\n<li><strong>Warm-up:</strong> SQLi level 1</li>\n<li><strong>Easy</strong>: SQLi level 2</li>\n<li><strong>Easy</strong>: SQLi level 3</li>\n<li><strong>Medium:</strong> SQLi level 4</li>\n<li><strong>Medium:</strong> SQLi level 5</li>\n<li><strong>Hard:</strong> SQLi level 6</li>\n<li><strong>Hard:</strong> SQLi level 7</li>\n<li><strong>Medium:</strong> SQLi level 8</li>\n<li><strong>Medium:</strong> SQLi level 9</li>\n<li><strong>Hard:</strong> SQLi level 10</li>\n</ol>\n<h1>Description</h1>\n<p>You are a pentester, and \"Web statistics\" hired you to pentest their browsers statistic application. The application stores information about browsers in a DB.  </p>\n<p>Each level wrongly escape inputs, and you have to bypass some server-side PHP/MySQL filters.  </p>\n<p>The solutions you will see are just a few of the many you can have. As a suggestion, once you will finish these labs, you can try to solve them again using your way and alternative techniques. You can find the solutions at <strong>http://info.sqli.labs/solutions.html</strong>  </p>\n<p>The full list of all the labs and the related descriptions are available at: <strong>http://info.sqli.labs/</strong></p>",
    "tasks": "# Objective\n\nYou will need to reach different goals at every level.  \n\n![0](https://assets.ine.com/content/ptp/sqli/0.png)\n\n# Tool\n\nThe best tool for this lab are:  \n\n- Burp Suite\n- sqlmap\n- A web browser",
    "tasks_html": "<h1>Objective</h1>\n<p>You will need to reach different goals at every level.  </p>\n<p><img alt=\"0\" src=\"https://assets.ine.com/content/ptp/sqli/0.png\" /></p>\n<h1>Tool</h1>\n<p>The best tool for this lab are:  </p>\n<ul>\n<li>Burp Suite</li>\n<li>sqlmap</li>\n<li>A web browser</li>\n</ul>",
    "published_date": "2020-10-20T15:32:24Z",
    "solutions": "# Solutions\n\n***The techniques used during this lab are better explained in the study material. You should refer to it for further details.***  \n\nYou can find the solutions at **http://info.sqli.labs/solutions.html**  \n\n\n**Note**: Different sqlmap versions may require different options/flags. For example, regarding level 9:  \n\n```\nsqlmap -u 'http://9.sqli.labs/' -p user-agent --tamper=chardoubleencode --technique=U --banner --level=3 --risk=3\n```\n\nor\n\n```\nsqlmap -r 9.sqli.labs.for.sqlmap --banner --tamper=chardoubleencode --dbms mysql --batch --union-char=els  --technique=E\n```",
    "solutions_html": "<h1>Solutions</h1>\n<p><strong><em>The techniques used during this lab are better explained in the study material. You should refer to it for further details.</em></strong>  </p>\n<p>You can find the solutions at <strong>http://info.sqli.labs/solutions.html</strong>  </p>\n<p><strong>Note</strong>: Different sqlmap versions may require different options/flags. For example, regarding level 9:  </p>\n<pre class=\"codehilite\"><code>sqlmap -u 'http://9.sqli.labs/' -p user-agent --tamper=chardoubleencode --technique=U --banner --level=3 --risk=3</code></pre>\n\n<p>or</p>\n<pre class=\"codehilite\"><code>sqlmap -r 9.sqli.labs.for.sqlmap --banner --tamper=chardoubleencode --dbms mysql --batch --union-char=els  --technique=E</code></pre>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}