SQL Injection at my company

Ceu

Created on March 24, 2025

Transcript

Escape game

SQL Injection at my company

Start

Attention!

Instructions

🔊 Turn on the sound, it matters for the case.

This is an escape game for developers. You have just found a vulnerable application. Your goal is to analyze the code, identify security flaws, and correctly answer the questions that come up. Can you mitigate the risks before an attacker exploits the vulnerabilities?

click!!!

You are working remotely. What can you do to entertain yourself at the end of a workday spent coding?

Where is that scream coming from?

SECURITY INCIDENT

MY RESEARCH

2. Who?

4. How?

1. What?

3. When?

YOU WENT TO LOOK FOR CLUES AT THE OFFICE

You have arrived at the office. Drag the mouse to reveal traces on the COMPUTER. CLICK ON WHAT YOU FIND!

Collect clues

HOVER FOR MORE CLUES

Virus Alert

You found an infected folder. Click to remove all the bugs.

Documents

VULNERABILITIES ARE LIKE OPEN DOORS, CLICK TO DISCOVER MORE

2B

2A

WE HAVE REACHED THE END OF OUR DEMO! BUT DON'T WORRY, THE NEXT STAGES WILL SURPRISE YOU... IF YOU HAVE ANY QUESTIONS, CONTACT THE CULTSEC TEAM

Facts

— Hello, something strange is happening… we've been hacked! It looks like the flaw is in the code. Your mission now is to investigate and find out what went wrong. Look, we need concrete evidence, not crazy theories. You've been watching too much true crime... The security team won't accept guesses. We're in this together. Good luck, developer.

Go

Discoveries on the carpet: - Red stains - Short blond strands of hair - A ring with the inscription 'J&S' - Small slivers of broken glass

Discoveries on the carpet: - Suspicious red stains - Short blond strands of hair - A ring with the inscription 'J&S' - Small slivers of broken glass

1B

—Yes, yes, Emma, I'm telling you! They partied all night long, they didn't stop until the early hours. I've got bags under my eyes and am losing the will to live!

This lady doesn't seem happy.

Goalkeeper's discoveries: - Hermine, the lady from 1B, complained about the party at 3:00 AM - Susan, the girl from 1C, returned home around 4:45 AM - Jake and Selena, the couple from 1A, left the building with a large bundle at 5:00 AM - The party at 2B didn't end until 6:00 AM

— I'm afraid I can't release information about the neighbors just like that... Unless, of course... ahem, wink, wink

1/4

Discoveries on the carpet: - Suspicious red stains - Short blonde hair strands - A ring with the inscription 'J&S' - Small shards of broken glass

Conclusion: Susan and Selena went to the party on the upstairs floor and, in an attempt to film a dance for TikTok, they accidentally spilled cherry juice on the host's carpet. As it was a prized possession, they didn't want the host to find out. So Selena called Jake, her boyfriend, to help her get rid of the carpet and distract everyone. There was no evidence of a crime taking place.

Goalkeeper's discoveries: - Hermine, the lady from 1B, complained about the party at 3:00 - Susan, the girl from 1C, returned home around 4:45 - Jake and Selena, the couple from 1A, left the building with a huge bundle at 5:00 - The party at 2B didn't end until 6:00

Discoveries on the carpet: - Suspicious red stains - Short blond hair strands - A ring with the inscription 'J&S' - Small shards of broken glass

That sound. And suddenly there seems to be no light around here, what is going on?

Follow the clues

What a party! Nobody seems to be sad in this room.

Something seems to be missing around here....

What is it?

SQL Injection (SQLi) is a type of attack that exploits flaws in web applications to manipulate the SQL queries made to the database. It occurs when the application lets users submit data without adequate validation, making it possible to execute malicious commands. When a system builds SQL queries insecurely, an attacker can insert unexpected commands into input fields such as login forms or URL parameters. For example, click below:

The party on 2B? They didn't say a word to me, those kids are elitists. That said, by 6 in the morning they ran out of gas...

Finally, you are using the corkboard! Resolve your questions post-it by post-it and clarify the mystery

Discoveries from the eavesdropping: - 1A (couple): The woman went to the party, the man helped her hide something - 1B (lady): She hates the neighbors from 2B - 1C (girl and dog): Someone from 1A helped her hide evidence - 2A (yogi): Yoga enthusiast, heading to Nirvana - 2B (friends): They know about an incident at the party

2B

I need to uncover the whole incident, these vulnerabilities will not beat us!! 🔹 In short: if the code does not validate and properly handle the data it receives, it can be exploited to manipulate SQL queries maliciously. Shall we move on with the investigation?

1C

—Oh, Toby, she said she would take care of everything and I don't know how she managed to disappear... Honestly, she's driving me crazy. Oh well, that won't stop us from continuing with your training. Now, give me your paw!

Discoveries from the recordings: - 1A (couple): She went to the party, the man helped her hide something - 1B (lady): She hates the neighbors in 2B - 1C (girl and dog): Someone from 1A helped her hide evidence - 2A (yogi): Yoga enthusiast, on the way to Nirvana - 2B (friends): They know about an incident at the party

2A

This situation is directly related to a SQL Injection vulnerability. In the example given, the malicious input ' OR '1'='1 changes the logic of the SQL query so that it always evaluates to true. This means an attacker can bypass a login without knowing the credentials,
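The login bypass described above, shown next to its fix, as an added example that is not part of the original game: the same check is written once with string concatenation and once with a parameterized query, using Python's sqlite3 module. The table, the account, and the function names are assumptions constructed for this illustration.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"  # the input quoted in the text above


def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    # Simplification: a real application stores a salted password hash.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-password')")
    return db


def build_unsafe_query(username, password):
    # Vulnerable: input is pasted into the SQL text, so a quote character
    # in the input ends the string literal and the rest is parsed as SQL.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_unsafe(db, username, password):
    row = db.execute(build_unsafe_query(username, password)).fetchone()
    return row is not None


def login_safe(db, username, password):
    # Hardened: placeholders send the input as data only; the shape of the
    # query is fixed before any user value is bound to it.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes (username AND password) OR '1'='1',
    # which is true for every row in the table.
    print(build_unsafe_query("alice", PAYLOAD))
    print("concatenated query accepts payload: ", login_unsafe(db, "alice", PAYLOAD))
    print("parameterized query accepts payload:", login_safe(db, "alice", PAYLOAD))
    print("parameterized query accepts real password:",
          login_safe(db, "alice", "constructed-password"))
```
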

Mrs. Hermine, from 1B, appeared at the reception at 3 in the morning, very upset about the party in 2B. But what did she expect me to do about it? Turn off their music with the power of my mind?

Susan's dog from 1C barked until 4:45am. That must be when she got back because that's when the dog stopped whining. What's weird is that just before, she was live on TikTok giving it her all. That blonde has thousands of followers!

1A

—Look, I've not left the house since you left and... left your mess behind. —Honey, stop overthinking it. And if they ask, you know nothing!

Discoveries from the eavesdropping: - 1A (couple): The woman went to the party, the man helped her hide something - 1B (lady): She hates the couple from 2B - 1C (girl and dog): Someone from 1A helped her hide evidence - 2A (yogi): Yoga fanatic, heading to Nirvana - 2B (friends): They know about an incident at the party

Jake and Selena, the couple from 1A, left at 5am with a giant bundle. I asked them what it was, and Jake, a little annoyed, said: "Selena and her juice have ruined my relaxing evening."