This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.
It's important you fully understand where in the source code the vulnerability resides. After exploitation or before exploitation identify what function within the class is vulnerable, and why is reacts that way. How would you have gotten a shell with more privledges without the admin console?