You are right. Back end SQL injection "may be possible" but in this hypothetical case back end app was vulnerable to it. Objectives over here are to determine hidden back-end web services and checking Javascript around Ajax call....

[ more ]