
@RealTryHackMe #AdventOfCyber Series: Challenge 16 – SQLi’s The King, The Carolers Sing #TisTheSeasonForHacking

Another day, another challenge…

In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.

In our sixteenth challenge, Elf McSkidy asked Elf Exploit and Elf Admin to assist in clearing the application. When presented with the app’s code, both elves looked a bit shocked, as neither of them knew how to make any sense of it, let alone fix it.

The topics explored in this challenge are Structured Query Language (SQL) and a vulnerability that affects it: SQL injection. SQL injection happens when a website builds a dynamic query from user input that has not been sanitized or validated, so the input is treated as part of the query itself. The final topic was ways to mitigate this vulnerability, such as parameterized queries.
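The difference between a dynamic query and a parameterized one, as an added example that is not code from the challenge or from TryHackMe. The `toys` table, the function names and the sample rows are all constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE toys (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    db.executemany("INSERT INTO toys (name, owner) VALUES (?, ?)",
                   [("train", "alice"), ("robot", "bob"), ("sled", "carol")])
    return db

def find_toys_dynamic(db, owner):
    # Vulnerable pattern: user input is concatenated into the SQL text,
    # so a quote character in the input changes the structure of the query.
    query = "SELECT name FROM toys WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]

def find_toys_parameterized(db, owner):
    # Mitigation: the SQL text is fixed and the input is bound to the "?"
    # placeholder, so the driver always passes it as a value, never as SQL.
    query = "SELECT name FROM toys WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]

def find_toy_by_id(db, toy_id):
    # Validation on top of binding: an id must be an integer.
    # int() raises ValueError for anything else before the database is touched.
    toy_id = int(toy_id)
    return [row[0] for row in db.execute("SELECT name FROM toys WHERE id = ?", (toy_id,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"  # constructed input containing a quote
    print("dynamic, normal input:       ", find_toys_dynamic(db, "alice"))
    print("dynamic, crafted input:      ", find_toys_dynamic(db, crafted))
    print("parameterized, crafted input:", find_toys_parameterized(db, crafted))
    try:
        find_toy_by_id(db, "1 OR 1=1")
    except ValueError as exc:
        print("validation rejected id:", exc)
```

With the crafted input, the dynamic query returns every row because the `WHERE` clause itself was rewritten, while the parameterized query looks for an owner literally named `alice' OR '1'='1` and finds none.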

Can we help Elf Exploit and Elf Admin secure the website? Find out below!
