Is there something I can do with this information?

$employee_id = explode(' ', $_POST['employee_id'])[0];
$query = 'SELECT name FROM employees WHERE id = CAST('.$employee_id.' AS INT)';

Any SQL Injection or something like that?

I am trying to do some SQL injection or a PHP reverse shell to complete my hacking task.

Please, can someone help me?

A pic of the test

Chris test result

  • 1
    Ignore the first line for a bit, just imagine what you could put into $employee_id to concatenate that would do something, then work backwards Commented Oct 27, 2023 at 13:32
  • 2
    Yes, absolutely this is vulnerable to SQL injection (no, I am not going to highlight how, for obvious reasons). You should use bound parameters instead. Commented Oct 27, 2023 at 13:32
  • I am new to this world and I'm trying to learn some things. I already found my 3 flags, but I'm breaking my mind over this part. How can I use the bound parameters? And I have to tell you guys that there exists a page on the web server which has a hidden form where I can input the information to employee_id. Commented Oct 27, 2023 at 13:36
  • Rob meant that if this were to be used in the real world, prepared statements should be used. However, because this is a CTF you are limited to what's in front of you. Commented Oct 27, 2023 at 13:37
  • 1
    That's why I said something along those lines, you'll have to play around with the specific syntax more. Maybe my CAST isn't correct, I haven't had to use that in a long time, I'm a little rusty there. But giving you the exact answer feels like it would be defeating the point of the exercise Commented Oct 27, 2023 at 14:09
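
The bound-parameter fix recommended in the comments, written out as an added example (it is not code from the question or from any commenter). It assumes PDO with an in-memory SQLite database and constructed rows; `make_demo_db` and `find_employee_name` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the question's employees table.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO employees (id, name) VALUES (1, 'Alice'), (2, 'Bob')");
    return $db;
}

// Hypothetical helper: returns the employee name, or null when the input is
// not a positive integer or no row matches.
function find_employee_name(PDO $db, string $raw): ?string
{
    // Same first-token extraction as the code in the question.
    $token = explode(' ', $raw)[0];

    // Allow-list check: anything that is not a positive integer is rejected
    // before the database is touched.
    $id = filter_var($token, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The SQL text is a constant. The value travels separately as a typed
    // parameter, so it is never parsed as part of the statement.
    $stmt = $db->prepare('SELECT name FROM employees WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

$db = make_demo_db();
// Constructed inputs: a valid id, a valid id followed by extra text,
// a malformed token, an empty string, and an id with no matching row.
foreach (['2', '1 trailing', '12abc', '', '99'] as $input) {
    var_dump(find_employee_name($db, $input));
}
```

Validation and binding are independent layers here: the integer check rejects malformed input early, and the bound parameter keeps the query structure fixed even if the check were removed.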
