SQL Injection PHP CTF

214 views Asked by At

Is there something I can do with this information?

$employee_id = explode(' ', $_POST['employee_id'])[0];
$query = 'SELECT name FROM employees WHERE id = CAST('.$employee_id.' AS INT)';

Any SQL Injection or something like that?

I trying to do some SQL injection or reverse shell PHP to complete my hacking task

Please, someone help me?

A pic of the test

Chris test result

0

There are 0 answers