Our Lab Solutions 1. Lab Solution For SQL injection LAB APPRENTICE SQL injection vulnerability in WHERE clause allowing retrieval of hidden data LAB APPRENTICE SQL injection vulnerability allowing login bypass LAB APPRENTICE SQL injection UNION attack, determining the number of columns returned by the query LAB APPRENTICE SQL injection UNION attack, finding a column containing text LAB APPRENTICE SQL injection UNION attack, retrieving data from other tables LAB APPRENTICE SQL injection UNION attack, retrieving multiple values in a single column LAB APPRENTICE SQL injection attack, querying the database type and version on Oracle LAB APPRENTICE SQL injection attack, querying the database type and version on MySQL and Microsoft LAB APPRENTICE SQL injection attack, listing the database contents on non-Oracle databases LAB APPRENTICE SQL injection attack, listing the database contents on Oracle LAB APPRENTICE Blind SQL injection with time delays LAB APPRENTICE Blind SQL injection with out-of-band interaction LAB APPRENTICE Blind SQL injection with out-of-band data exfiltration LAB APPRENTICE SQL injection with filter bypass via XML encoding 2. Lab Solution For Authentication Vulnerabilities LAB APPRENTICE Username enumeration via Different responses LAB APPRENTICE 2FA simple Bypass LAB APPRENTICE Password Reset Broken Logic LAB APPRENTICE Username Enumeration Via Subtly different Responses LAB APPRENTICE Username Enumeration via response timing LAB APPRENTICE Broken brute-force protection, IP block LAB APPRENTICE Username Enumeration via Account Lock LAB APPRENTICE 2FA Broken Logic LAB APPRENTICE Offline Password Cracking LAB APPRENTICE Password Reset Poisoning via Middleware LAB APPRENTICE Password Brute-force via Password Change LAB APPRENTICE Broken Brute-Force Protection, Multiple Credentials Per Request LAB APPRENTICE 2FA Bypass using a Brute-Force Attack 3. Lab Solution For Directory Traversal LAB APPRENTICE File path traversal, simple case LAB APPRENTICE File path traversal, traversal sequences blocked with absolute path bypass LAB APPRENTICE File path traversal, traversal sequences stripped non-recursively LAB APPRENTICE File path traversal, traversal sequences stripped with superfluous URL-decode LAB APPRENTICE File path traversal, validation of start of path LAB APPRENTICE File path traversal, validation of file extension with null byte bypass 4. Lab Solution For Command Injection LAB APPRENTICE OS Command Injection, simple case LAB APPRENTICE Blind OS command injection with time delays LAB APPRENTICE Blind OS command injection with output redirection LAB APPRENTICE Blind OS command injection with out-of-band interaction LAB APPRENTICE Blind OS command injection with out-of-band data exfiltration 5. Lab Solution For Information Disclosure LAB APPRENTICE Information disclosure in error messages LAB APPRENTICE Information disclosure on debug page LAB APPRENTICE Source Code Disclosure via Backup Files LAB APPRENTICE Authentication bypass via information disclosure LAB APPRENTICE Information disclosure in version control history LAB APPRENTICE Automate Information disclosure vulnerabilities 6. Lab Solution For Access Control LAB APPRENTICE Unprotected admin functionality LAB APPRENTICE Unprotected admin functionality with unpredictable URL LAB APPRENTICE User role controlled by request parameter LAB APPRENTICE User role can be modified in user profile LAB APPRENTICE User ID controlled by request parameter LAB APPRENTICE User ID controlled by request parameter with unpredictable user IDs LAB APPRENTICE User ID controlled by request parameter with data leakage in redirect LAB APPRENTICE User ID controlled by request parameter with password disclosure LAB APPRENTICE Insecure direct object references LAB APPRENTICE URL-based access control can be circumvented LAB APPRENTICE Method-based access control can be circumvented LAB APPRENTICE Multi-step process with no access control on one step LAB APPRENTICE Referer-based access control 7. Lab Solution For XXE injection LAB APPRENTICE Exploiting XXE using external entities to retrieve files LAB APPRENTICE Exploiting XXE to perform SSRF attacks LAB APPRENTICE Blind XXE with out-of-band interaction LAB APPRENTICE Blind XXE with out-of-band interaction via XML parameter entities
