(1) The document describes how to perform various SQL injection attacks on a vulnerable web application connected to a Microsoft SQL database, including blind SQL injection, logging in without valid credentials, creating a new user account, creating a new database, and performing denial-of-service attacks.
(2) The objectives of the lab are to provide knowledge on SQL injection attacks and analyze web applications for vulnerabilities using tasks like logging in without valid credentials and creating user accounts and databases.
(3) The lab environment involves using two Windows computers, one as the attacker machine and one as the victim machine running Microsoft SQL Server.