Course

This lab focuses on an SQL injection vulnerability present in a login form, where the developer has implemented a space filter to prevent common injection techniques. By leveraging tab characters (HT or \t) and encoding them within the HTTP request, we can bypass this protection. The exercise demonstrates how to manipulate the SQL query to achieve authentication bypass despite the space filtering.

The lab also provides a detailed walkthrough of the PHP code to illustrate how the injection works and why the tab character is not caught by the space filter. Participants will learn to craft payloads that exploit this behavior, gaining insight into bypassing security measures by understanding and manipulating input validation logic.