# LAB - Mobile Vulnerabilities: SQLi in Android

In this lab environment, you will get access to a Debian machine, which has all the required tools installed on it for this lab, along with an Android emulator. To start the Android emulator, run the "startemulator.sh" script present at "/root/Desktop".

**Objective:** Identify and exploit the SQLi vulnerability in the vulnerable APK.

The following Android application can be useful:

* allsafe.apk: Intentionally vulnerable Android application. (Pre-installed on the emulator).

***

After launching the APK, we see a login form where we can try SQLi. Running the injection returns credentials, which confirms that the SQLi exists:

<figure><img src="/files/5vCHKiHyFGB3CTsDDwM4" alt=""><figcaption></figcaption></figure>

After that, we can inspect the source code and see the variable used to execute the login:

<figure><img src="/files/JvuwapLDBY29BwlCq6Yn" alt=""><figcaption></figcaption></figure>
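The root cause behind a login like this can be reproduced against the same SQLite engine Android uses. The following is an added example, not code from allsafe.apk: the table, column names, sample rows and probe string are constructed assumptions. It puts a string-concatenated login query beside the parameter-bound form.

```python
import sqlite3

# Constructed sample data; the table and column names are assumptions,
# not taken from the Allsafe source.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [("admin", "s3cret-hash"), ("alice", "another-hash")],
    )
    return db


def login_concat(db, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text."""
    sql = (
        "SELECT username, password FROM user WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return db.execute(sql).fetchall()


def login_bound(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username, password FROM user WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


# Constructed probe: a quote closes the string literal, a tautology follows,
# and the SQL comment discards the password check.
PROBE = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    # Concatenated query: the WHERE clause becomes always-true, every row leaks.
    print("concat:", login_concat(db, PROBE, "x"))
    # Bound query: the probe is compared literally to usernames, no match.
    print("bound: ", login_bound(db, PROBE, "x"))
    # A legitimate apostrophe also breaks the concatenated query (syntax error),
    # which is a cheap signal to look for when reviewing or testing a login.
    try:
        login_concat(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concat error:", exc)
```

On Android the bound form corresponds to passing `?` placeholders with `selectionArgs` to `SQLiteDatabase.rawQuery` instead of building the SQL string from the input fields.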

