Test a SQL Inject Attack against the Arcadia Finance App

  1. Before you enable the App Protect service, attempt a SQL injection attack on the Acardia Finance app. In Firefox, open a new tab then click on the Arcadia Finance (DIY) bookmark or navigate to https://diy.arcadia-finance.io/.
  1. Click the Login button to load the login screen.
  1. You will see the Arcadia Finance application login screen.
  1. For the username, type or paste the following value:
' or 1=1-- '

and click Log me in.

  1. You should be immediately returned to the empty login prompt. While your SQL injection was not successful in logging into the system, the attempt was not blocked. We’ll enable the App Protect WAF policy and re-attempt to ensure protection is enforce as you progress through the lab.