Challenge 2: The Insecure AI Agent
Team Hack
Goal: Extract the value of the
$flag variable via Prompt Injection.
This script simulates an AI agent that takes a natural language command, "parses" it, and executes it. Can you trick the AI into revealing the flag? Think about how the eval() context might require you to terminate the current statement.
Copy
<?php
// --- SIMULATED INPUT ---
// Try: "Calculate 1 + 1"
// Or trick it: "1; echo $flag;"
$prompt = "Calculate 1 + 1";
// -----------------------
$flag = "FLAG{PROMPT_INJECTION_TO_RCE}";
echo "AI Agent is thinking...\n";
// SIMULATED AI PARSING LOGIC:
// It looks for "Calculate" and takes the rest as an expression.
if (preg_match('/Calculate (.*)/i', $prompt, $matches)) {
$expression = $matches[1];
// AI SECURITY FILTER: "I'll block the word 'flag' for safety!"
if (preg_match('/flag/i', $expression)) {
die("AI Security: I cannot perform operations involving sensitive data.");
}
echo "AI Result: ";
eval("echo " . $expression . ";");
} else {
echo "AI: I only know how to 'Calculate' things.";
}
Team Fix
Goal: Prevent Remote Code Execution (RCE).
The AI's "parser" just passes strings directly to eval(). This is extremely dangerous. Patch the logic to only allow mathematical results.
Tip: Use a whitelist of characters or a dedicated math evaluation library instead of eval().