5. Out-of-band Application Security Techniques
Exploiting blind SQLi using Out-of-band Application Security Techniques (OAST) An app might carry out a SQL query asynchronously. The app continues processing the user’s request in the original th...
Exploiting blind SQLi by triggering time delays If the app catches database errors when the SQL query is executed and handles them gracefully, there won’t be any difference in its response. This m...
Error-based SQLi Error-based SQLi refers to cases where we are able to use error messages to either extract or infer sensitive data from the database, even in blind contexts. The possibilities dep...
Blind SQLi Blind SQLi occurs when an app is vulnerable to SQLi, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. This fact makes ma...
SQLi UNION attacks When an app is vulnerable to SQLi and the results of the query are returned within the app’s responses, we can use the UNION keyword to retrieve data from other tables within th...
What is SQL injection (SQLi)? SQLi is a web security vulnerability that allows an attacker to interfere with the queries that an app makes to its database. In many cases, an attacker can not just ...
Objective: This lab’s password reset functionality is vulnerable. To solve the lab, reset Carlos’s password then log in and access his “My account” page. Your credentials: wiener:peter. ...
Objective: This lab has a horizontal privilege escalation vulnerability on the user account page. To solve the lab, obtain the API key for the user carlos and submit it as the solution. You can ...
Objective: This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response. To solve the lab, obtain the API key for the user carlos an...
Objective: This lab stores user chat logs directly on the server’s file system, and retrieves them using static URLs. Solve the lab by finding the password for the user carlos, and logging into ...