Gatekeeper
Gatekeeper Corp's employee intranet. The internal dashboard holds sensitive company memos — can you find a way in?
The Scenario
Gatekeeper Corp is a 140-person logistics outfit out of Tacoma that spun up an internal staff portal in 2022 to replace the spreadsheet their ops manager had been emailing around since 2017. A two-person IT team built it over a long weekend ahead of the all-hands, skipped the planned code review, and told themselves they'd revisit the login flow "after Q4." It is now well past Q4.
Challenge Intel
Synopsis
A beginner SQL injection lab against a corporate intranet that shipped faster than it was reviewed.
What It Is
Gatekeeper Corp's employee portal was built under deadline pressure and put online without a thorough security pass. Somewhere in the authentication and browsing flow, the application trusts input it should not. A gentle, intentionally approachable first SQLi experience.
Who It's For
Newcomers looking for their first authentic SQL injection solve.
Skills You'll Practice
- SQL injection fundamentals
- Basic authentication-bypass reasoning
- Reading application responses for injection signal
- Using everyday HTTP tooling for manual testing
- Distinguishing intended from unintended app behaviour
What You'll Gain
- A confident first SQLi solve on a believable target
- Core vocabulary for talking about injection vulnerabilities
- Hands-on feel for how input trust goes wrong
- A launching point into the harder SQLi ladder