New SQLi challenge

2025-02-03 16:17:28 +01:00
parent 34275b0287
commit c128870b93
7 changed files with 189 additions and 0 deletions
--- a/countries_list/Dockerfile
+++ b/countries_list/Dockerfile
@@ -0,0 +1,4 @@
+FROM php:8.3-apache
+COPY src/ /var/www/html/
+
+ENV FLAG=CHANGEME
--- a/countries_list/README.md
+++ b/countries_list/README.md
@@ -0,0 +1,8 @@
+# Unsafe login challenge
+You need to set the `FLAG` environment variable for this challenge to work!
+
+
+## Run the image
+```bash
+docker run --rm --name countries_-_list --env FLAG='FLAG{SQLIMYFRIENDAGAIN}' -p 3767:80 -it pierre42100/countries-list
+```
--- a/countries_list/build.sh
+++ b/countries_list/build.sh
@@ -0,0 +1 @@
+sudo docker build -t pierre42100/countries-list .
--- a/countries_list/src/bootstrap.min.css
+++ b/countries_list/src/bootstrap.min.css
--- a/countries_list/src/database.db
+++ b/countries_list/src/database.db
--- a/countries_list/src/index.php
+++ b/countries_list/src/index.php
@@ -0,0 +1,68 @@
+<?php
+
+// First, connect to database
+try {
+  $db = new PDO('sqlite:' . __DIR__ . '/database.db');
+} catch (PDOException $e) {
+  echo 'Connection to database failed: ' . $e->getMessage();
+}
+
+$filter = isset($_GET["filter"]) ? $_GET["filter"] : "";
+
+// Get the list of countries
+$query = "SELECT * FROM countries_list WHERE full_name LIKE '%$filter%'";
+$stmt = $db->prepare($query);
+$stmt->execute(array());
+$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+?><!doctype html>
+<html lang="en" data-bs-theme="auto">
+
+<head>
+
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Countries list</title>
+
+  <link href="/bootstrap.min.css" rel="stylesheet"
+    integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
+  <link href="/style.css" rel="stylesheet">
+</head>
+
+<body class="d-flex align-items-center py-4 bg-body-tertiary">
+  <main class="form-signin w-100 m-auto">
+
+    <h1>Countries list</h1>
+
+    <form action="/" method="get" style="margin: 30px 0px">
+      <div class="input-group flex-nowrap">
+        <span class="input-group-text" id="addon-wrapping">Filter by full name</span>
+        <input type="text" class="form-control" placeholder="Filter list by full name" aria-label="Filter by full name"
+          aria-describedby="addon-wrapping" value="<?=$filter?>" name="filter" />
+        <button class="btn btn-outline-secondary" type="submit" id="button-addon2">Filter</button>
+      </div>
+    </form>
+
+    <table class="table">
+      <thead>
+        <tr>
+          <th scope="col">#</th>
+          <th scope="col">Full name</th>
+        </tr>
+      </thead>
+      <tbody>
+        <?php
+        foreach ($results as $row) {
+          ?>
+          <tr>
+            <th scope="row"><?= $row["code"] ?></th>
+            <td colspan="2"><?= $row["full_name"] ?></td>
+          </tr><?php
+        }
+        ?>
+      </tbody>
+    </table>
+  </main>
+</body>
+
+</html>
--- a/countries_list/src/style.css
+++ b/countries_list/src/style.css
@@ -0,0 +1,102 @@
+html,
+body {
+  height: 100%;
+}
+
+.form-signin {
+  max-width: 800px;
+  padding: 1rem;
+}
+
+.form-signin .form-floating:focus-within {
+  z-index: 2;
+}
+
+.form-signin input[type="email"] {
+  margin-bottom: -1px;
+  border-bottom-right-radius: 0;
+  border-bottom-left-radius: 0;
+}
+
+.form-signin input[type="password"] {
+  margin-bottom: 10px;
+  border-top-left-radius: 0;
+  border-top-right-radius: 0;
+}
+
+.bd-placeholder-img {
+  font-size: 1.125rem;
+  text-anchor: middle;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+}
+
+@media (min-width: 768px) {
+  .bd-placeholder-img-lg {
+    font-size: 3.5rem;
+  }
+}
+
+.b-example-divider {
+  width: 100%;
+  height: 3rem;
+  background-color: rgba(0, 0, 0, .1);
+  border: solid rgba(0, 0, 0, .15);
+  border-width: 1px 0;
+  box-shadow: inset 0 .5em 1.5em rgba(0, 0, 0, .1), inset 0 .125em .5em rgba(0, 0, 0, .15);
+}
+
+.b-example-vr {
+  flex-shrink: 0;
+  width: 1.5rem;
+  height: 100vh;
+}
+
+.bi {
+  vertical-align: -.125em;
+  fill: currentColor;
+}
+
+.nav-scroller {
+  position: relative;
+  z-index: 2;
+  height: 2.75rem;
+  overflow-y: hidden;
+}
+
+.nav-scroller .nav {
+  display: flex;
+  flex-wrap: nowrap;
+  padding-bottom: 1rem;
+  margin-top: -1px;
+  overflow-x: auto;
+  text-align: center;
+  white-space: nowrap;
+  -webkit-overflow-scrolling: touch;
+}
+
+.btn-bd-primary {
+  --bd-violet-bg: #712cf9;
+  --bd-violet-rgb: 112.520718, 44.062154, 249.437846;
+
+  --bs-btn-font-weight: 600;
+  --bs-btn-color: var(--bs-white);
+  --bs-btn-bg: var(--bd-violet-bg);
+  --bs-btn-border-color: var(--bd-violet-bg);
+  --bs-btn-hover-color: var(--bs-white);
+  --bs-btn-hover-bg: #6528e0;
+  --bs-btn-hover-border-color: #6528e0;
+  --bs-btn-focus-shadow-rgb: var(--bd-violet-rgb);
+  --bs-btn-active-color: var(--bs-btn-hover-color);
+  --bs-btn-active-bg: #5a23c8;
+  --bs-btn-active-border-color: #5a23c8;
+}
+
+.bd-mode-toggle {
+  z-index: 1500;
+}
+
+.bd-mode-toggle .dropdown-menu .active .bi {
+  display: block !important;
+}
				`@@ -0,0 +1 @@`
				`sudo docker build -t pierre42100/countries-list .`