Report 4 - Flora - LACTF 2024 /web/la-housing-portal #72
Open
florayq wants to merge 4 commits into CUCTF:main from
Conversation
IsaacTrost (Contributor) approved these changes on Apr 21, 2026 and left a comment:
i left one comment, otherwise looks good to me.
| This exploitation takes advantage of the fact that we can inject SQL code into the POST request and the input is not thoroughly checked for attacks. Some ways to prevent these attacks is encoding the information transported by the request to the server or checking the received information on the server request to verify that it is a valid option from the dropdown list before passing it into the SQL command. | ||
|
|
||
| ## Other Things to Note | ||
| The usage of `where '1'` actually only works in sqlite which is used for this local database because of sqlite's flexibility. This would not work in general non-sqlite cases. No newline at end of file |
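Review bot: the mitigation sentence in the first changed line recommends "encoding the information transported by the request", which does not stop SQL injection; the second half of that same sentence (verify the received value is a valid option from the dropdown list before it reaches the SQL command) is the actual fix, so drop the encoding suggestion and name the standard control explicitly, e.g. "use a parameterized query and additionally allow-list the value against the dropdown options". The "Other Things to Note" line also needs its reasoning spelled out: "only works in sqlite ... because of sqlite's flexibility" states the conclusion without the rule. Say what SQLite does with the string literal in a boolean context (it is converted to a number, and '1' is non-zero, so the WHERE clause is true for every row) and name which engines reject or treat a bare string differently, rather than "would not work in general non-sqlite cases".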
Contributor
Can you go into a shade more detail on this?
Flora's fourth writeup - web challenge from LACTF 2024 - SQLi