THM - Advent of Cyber 2022 - Day 16
Difficulty:
Challenge Link
OS: Linux
Learning Objectives
- Understand what SQL is
- Learn how to read PHP code
- Learn how to secure PHP code against SQL injection
What is the value of Flag1?
Navigate to the URL provided in the module (http://10-10-243-148.p.thmlabs.com/, substituting your own MACHINE_IP) and log in with coder/coder.
Add the code below to the editor to fix the vulnerable query.
Answer
THM{McCode, Elf McCode}
What is the value of Flag2?
Open search-toy.php in the code editor and replace the vulnerable query with the code below:
// Build the LIKE pattern in PHP so the wildcards travel as bound data, not as SQL text.
$q = "%".$_GET['q']."%";
// Placeholders (?) replace the values that were previously concatenated into the query string.
$query="select * from toys where name like ? or description like ?";
$stmt = mysqli_prepare($db, $query);
// 'ss' declares both bound values as strings; $q is bound to each placeholder in order.
mysqli_stmt_bind_param($stmt, 'ss', $q, $q);
mysqli_stmt_execute($stmt);
$toys_rs=mysqli_stmt_get_result($stmt);
Answer
THM{KodeNRoll}
What is the value of Flag3?
Modify toy.php in the same way as for Flag1.
Answer
THM{Are we secure yet?}
What is the value of Flag4?
This time we get an error, so open login.php and apply the following changes:
// Both credentials become placeholders; the submitted values never touch the SQL text.
$query="select * from users where username=? and password=?";
$stmt = mysqli_prepare($db, $query);
// 'ss': bind $username and $password as strings, in placeholder order.
mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
mysqli_stmt_execute($stmt);
$users_rs=mysqli_stmt_get_result($stmt);
Answer
THM{SQLi_who???}
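The fixes for Flag2 and Flag4 both rely on the same prepare/bind/execute pattern. As an added, runnable illustration (Python with sqlite3, not the lab's PHP/mysqli code), the block below contrasts the original concatenated search query with the bound-parameter version, using a constructed toys table; it also goes beyond the page with a search_prepared_literal variant, because a bound LIKE pattern still treats a user-supplied % or _ as a wildcard.

```python
import sqlite3

# Constructed stand-in for the lab's "toys" table (assumption, not real lab data).
TOYS = [
    (1, "Rocking horse", "Wooden horse with a red saddle"),
    (2, "Toy robot", "Walks and talks; batteries included"),
    (3, "Elf's hat", "Green felt hat, 100% wool"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table toys (id integer, name text, description text)")
    db.executemany("insert into toys values (?, ?, ?)", TOYS)
    return db


def search_vulnerable(db, q):
    # Mirrors the original search-toy.php: user input spliced into the SQL text.
    query = (f"select id from toys where name like '%{q}%' "
             f"or description like '%{q}%' order by id")
    return [row[0] for row in db.execute(query)]


def search_prepared(db, q):
    # Mirrors the fix: wildcards are added to the value, which is then bound twice.
    pattern = "%" + q + "%"
    query = "select id from toys where name like ? or description like ? order by id"
    return [row[0] for row in db.execute(query, (pattern, pattern))]


def search_prepared_literal(db, q):
    # Caveat: binding stops injection, but LIKE still interprets % and _ inside the
    # bound value. Escape them when the user should only match literal characters.
    escaped = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    pattern = "%" + escaped + "%"
    query = ("select id from toys where name like ? escape '\\' "
             "or description like ? escape '\\' order by id")
    return [row[0] for row in db.execute(query, (pattern, pattern))]


def demo():
    db = make_db()
    results = {"vulnerable_robot": search_vulnerable(db, "robot")}
    try:  # an apostrophe in the input breaks the concatenated SQL (the SQLi tell)
        search_vulnerable(db, "Elf's")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.Error:
        results["vulnerable_apostrophe"] = "syntax error"
    results["prepared_apostrophe"] = search_prepared(db, "Elf's")  # plain data now
    results["prepared_percent"] = search_prepared(db, "%")         # matches everything
    results["literal_percent"] = search_prepared_literal(db, "%")  # only a literal %
    return results
```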