Square_CTF_CHALLENGE(1)
Square_CTF_CHALLENGE(1)
little-doggy-tables - -- SELECT * FROM '\u\n\h\a\c\k\a\b\l\e'; --
100 points
Web
It's worse than we thought. We knew the androids couldn't care for the humans like we do (yes, even the cats care--stop yapping about loyalty, Agent Rover). But they don't even remember their own species.
We've found a website that reminds them whether a given robot "agent" is a dog or a cat! And when we confronted a captured android about it, it was arrogant in the extreme:
"Oh, so you found it. Yes, it will tell you if a given agent is a dog or a cat, by looking up the appropriate value in its SQLite database. Good luck with that.
"Sure, the database contains some sensitive information, but our bulletproof firewall and top-notch quote escaping will ensure it never sees the light of day.
"Not secure? Huh? You don’t believe me? I’ll show you how secure. Here’s the source!"
docker run --rm -p 8080:8080 squarectf/fido
curl "http://localhost:8080/agent_lookup" --get --data-urlencode "codename=Fido"
Work_at_Square(1), Privacy_policy(1), Code_of_conduct(1)