Challenge 4: SQL injection

Run the challenge

  1. Install  Docker CE from here or use the Linux VM with docker
  2. Run the docker image (automatic download)
    $ docker run --rm -p "80:80" secunive/sec:sqli
  3. The above command will start a web server listening on localhost (use -p 2223:80 if you use the  Linux VM with docker so that you can access to the challenge from your computer by clicking here). Leave it running  while you solve the challenge. When you are done you can  interrupt it by issuing ctrl-c

NOTE: if your port 80 is already in use, you can bind the challenge to a different port. For example: -p 8080:80 will bind to port 8080 (connect to localhost:8080 in such a case)

Goal

IMPORTANT NOTE: Trying attacks like the one in this challenge on real systems is against law and you might be prosecuted. Always do experiments with test hosts and users.

Your goal is to find admin password and login as admin!

HINT: The developer forgot to delete a backup index.php.bak file from the production system 😅

Bonus

Send me and @Alessia Michela Di Campi on slack an accurate description of how you solved the challenge by December 1, 2021 to get a 0.5 bonus on the final grade! In bocca al lupo!  😁