SecureQuery
Hard
Secure Coding
Overview
Visit /challenge/ to access a machine containing the source code of an application located in the src directory. Your task is to fix the code to retrieve the flag. Make sure to read the rules before you begin.
Lab Details
Prerequisites & Requirements
- Intermediate knowledge of JavaScript
- Understanding of SQL and parameterized queries
What will you learn?
- How parameterized queries can still be vulnerable
- A technique to bypass MySQL query protections using object injection
- Input validation best practices for Express.js applications
Tools
- Burp Suite or curl
- Browser Developer Tools
Job Positions
Application Security Administrator
Tags
- SQL Injection
- Input Validation
- JavaScript
- Source Code Review
- Broken Access Control