LAB 107 - Identifying Injection Vulnerabilities
Course Details
Course Number: LAB 107
Course Duration: 7 minutes
Course CPE Credits: .14
NICE Specialty Areas
Related Subject Matter
Foreign Languages Available:
- English
Course Overview
This lab presents a challenge in the Account All cyber range that exploits an Injection vulnerability, caused in part by improper input validation and query handling. According to OWASP.org, “Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.”
This lab’s challenge is to force the Log In page to generate an unhandled exception. Solving this challenge will demonstrate the presence of a particular type of Injection vulnerability. In this lab, you are an adversary acting outside of your intended permissions, attempting to exploit improper input validation and potentially expose sensitive information.