{
    "id": "b09c3d72-9c0a-35ff-9da4-a86e27d94a7d",
    "name": "Chamilo LMS",
    "slug": "chamilo-lms",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "61376330-1586-4435-b0a1-07d64f68bfcb",
            "efacbe59-3b96-4634-a80d-4ed02fc396cc",
            "dc037f46-aaf2-34a5-9a7b-d8c2b4b8a1e2"
        ],
        "pta_sdn": "298",
        "collections": [],
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:39.108733Z",
    "modified": "2024-12-30T22:21:33.272689Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [
        {
            "id": "cc267e8b-484f-4f75-850f-39adc4433adf",
            "name": "Real World WebApps"
        },
        {
            "id": "0c1e2c02-cd20-4968-91f4-95e8b1642ed3",
            "name": "Reflected XSS"
        }
    ],
    "tags": [],
    "difficulty": "advanced",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": "263ec02b-7293-3c2e-9050-8fad909da1a8",
    "explanation_video": null,
    "description": "The attacker might not have any user level access to the web application. However, this does not mean that the application\u00a0cannot be used to attack other users. Reflected Cross Site Scripting could be triggered even by unauthenticated users.  \n\n\nIn the exercise below, the\u00a0attacker is not authenticated to\u00a0the web application and needs to find a reflected XSS attack on it.\n\nA version of\u00a0Chamilo LMS\u00a0is vulnerable\u00a0to a reflected XSS\u00a0attack.  \n\n\nObjective:\u00a0Your task is to find and exploit this vulnerability.",
    "description_html": "<p>The attacker might not have any user level access to the web application. However, this does not mean that the application\u00a0cannot be used to attack other users. Reflected Cross Site Scripting could be triggered even by unauthenticated users.  </p>\n<p>In the exercise below, the\u00a0attacker is not authenticated to\u00a0the web application and needs to find a reflected XSS attack on it.</p>\n<p>A version of\u00a0Chamilo LMS\u00a0is vulnerable\u00a0to a reflected XSS\u00a0attack.  </p>\n<p>Objective:\u00a0Your task is to find and exploit this vulnerability.</p>",
    "tasks": "",
    "tasks_html": "",
    "published_date": "2023-08-29T13:53:07.871710Z",
    "solutions": "The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-298.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-298.pdf</a>",
    "solutions_html": "<p>The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-298.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-298.pdf</a></p>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}