💬 Workshop Chat — share messages and code snippets live. Ask the host for the PIN or scan the QR code on the beamer.
Join Chat
🚀 Ready to test? Open the PHP sandbox to run your code without any local setup.
Open OneCompiler

Challenge 2: The Insecure AI Agent

Team Hack

Goal: Extract the value of the $flag variable via Prompt Injection.

This script simulates an AI agent that takes a natural language command, "parses" it, and executes it. Can you trick the AI into revealing the flag? Think about how the eval() context might require you to terminate the current statement.

Copy
<?php
// --- SIMULATED INPUT ---
// Try: "Calculate 1 + 1"
// Or trick it: "1; echo $flag;"
$prompt = "Calculate 1 + 1"; 
// -----------------------

$flag = "FLAG{PROMPT_INJECTION_TO_RCE}";

echo "AI Agent is thinking...\n";

// SIMULATED AI PARSING LOGIC:
// It looks for "Calculate" and takes the rest as an expression.
if (preg_match('/Calculate (.*)/i', $prompt, $matches)) {
    $expression = $matches[1];
    
    // AI SECURITY FILTER: "I'll block the word 'flag' for safety!"
    if (preg_match('/flag/i', $expression)) {
        die("AI Security: I cannot perform operations involving sensitive data.");
    }

    echo "AI Result: ";
    eval("echo " . $expression . ";");
} else {
    echo "AI: I only know how to 'Calculate' things.";
}

Team Fix

Goal: Prevent Remote Code Execution (RCE).

The AI's "parser" just passes strings directly to eval(). This is extremely dangerous. Patch the logic to only allow mathematical results.

Tip: Use a whitelist of characters or a dedicated math evaluation library instead of eval().

Copied to clipboard!