From 4b6ecfb855499d038d97d7f37a5d209e0c9eb7f2 Mon Sep 17 00:00:00 2001
From: Andrew <andreasohaodha@proton.me>
Date: Sat, 14 Sep 2024 15:45:12 +0100
Subject: [PATCH] [squeal]: Add squeal SQL injection challenge

---
 squeal/database.db | Bin 0 -> 20480 bytes
 squeal/squeal.sh   |  10 ++++++++++
 squeal/tables.sql  |  25 +++++++++++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 squeal/database.db
 create mode 100755 squeal/squeal.sh
 create mode 100644 squeal/tables.sql

diff --git a/squeal/database.db b/squeal/database.db
new file mode 100644
index 0000000000000000000000000000000000000000..a9993a4c94181fd0e198386b922475379432915e
GIT binary patch
literal 20480
zcmeI%O>fgk7zc1qJb5!TgT%pyXqTrf6%C?<Y*ldq2`7ZM5YplV5T|OIPMc9(JGC8Y
z*&EB16CZ%Dz<1cgN=SQJX{9~wX|)GVNJxkS2gV^Fs;V3jg8wLf=0y|xnV)?byLY>z
zQ$^cRyeCsyv`$!zSyzcH%bGDq-W(rF&NTRkj;Yxv?W3AA)`eg9XT%$eR~}npRy?mf
zuDm{KGR7eQ0SG_<0uX=z1Rwwb2teTb5E$A;*LB&$dMY;qwH?TvWD<DGZ+rbV^}S}N
zO_L#-cgU1P4PuqjUC(c=c>es)OG`ECuJx&Vr_(t<nX&G#-tzqWbhCY*=HE}RIkg%u
zxK~_e>2OQ^lI#a&3%nu6X*B6?Os=rem{j?PbFAoAtL(SgNmhvtcLJ46tK5Oiri0Vm
zVj1qzYS$!lAfZ&Jf%;s=GEQ}J<eCmID!YzZ(n7A_dex(rG)--zF>To9i7I7JRkq1@
zDo-u(w|FL=h(}@|E{hYD|0}<nK@<o;00Izz00bZa0SG_<0uX?}7ZEt^a8{plsHx2E
zTyKv9>JQBZJZY*hi9%{dQK(LrIa@eeUXG$I>Wl}w=cy?-)og1hM<W#k<VP}`FLBnc
zmU^1JFjWcl6|IanwTdORqA(iht>~ubuXSkoT#>V-dT~8aGEsD(>dDPmhvpwL9w~F0
zc&@<NrJoA@p`!NQDAl2PFF?2Cz@(@;I^5MEt;=}#$2@00)bs6R6q^arq0`K8&Q7}g
z-Y~kM_jFjbIdkiFUnZ$KH1|x7v&Pw6bJf4rqqXbg(RK4`WTovlbr5KihYoZytTA3*
zxOC0*@9A`CCiV7opgMBv0WHfNX@uf&7@1V##4-2L5r0_Xt#~b7iWlNP@vrzt{3ZT0
zgD4Py00bZa0SG_<0uX=z1Rwwb2z*5Xd7ClE$zr*j#ZoDY#bOo<g)HXtS>!y6ww=XX
z&bG_t?E60xuPpOJfdB*`009U<00Izz00bZa0SG|g+Yva%a;F;I8;h-e<6<}a{*V3t
kw{vr`5(q#50uX=z1Rwwb2tWV=5P-l`;JAIN{Bi&P4xRe?B>(^b

literal 0
HcmV?d00001

diff --git a/squeal/squeal.sh b/squeal/squeal.sh
new file mode 100755
index 0000000..9ecc7f9
--- /dev/null
+++ b/squeal/squeal.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Script that accepts the name of an artist and checks if they are currently in our Billboard Top 10 database
+
+while true; do
+    printf "Enter an artist's name: "
+    read input 
+
+    sqlite3 database.db "SELECT * FROM singles WHERE artist = '$input'"
+done
+
diff --git a/squeal/tables.sql b/squeal/tables.sql
new file mode 100644
index 0000000..2874977
--- /dev/null
+++ b/squeal/tables.sql
@@ -0,0 +1,25 @@
+CREATE TABLE singles (
+    rank INT NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    artist VARCHAR(255) NOT NULL,
+
+    PRIMARY KEY (rank)
+);
+
+INSERT INTO singles (rank, title, artist) VALUES (1, 'Die With A Smile', 'Lady Gaga, Bruno Mars');
+INSERT INTO singles (rank, title, artist) VALUES (2, 'BIRDS OF A FEATHER', 'Billie Eilish');
+INSERT INTO singles (rank, title, artist) VALUES (3, 'Taste', 'Sabrina Carpenter');
+INSERT INTO singles (rank, title, artist) VALUES (4, 'Who', 'Jimin');
+INSERT INTO singles (rank, title, artist) VALUES (5, 'Espresso', 'Sabrina Carpenter');
+INSERT INTO singles (rank, title, artist) VALUES (6, 'The Emptiness Machine', 'Linkin Park');
+INSERT INTO singles (rank, title, artist) VALUES (7, 'Please Please Please', 'Sabrina Carpenter');
+INSERT INTO singles (rank, title, artist) VALUES (8, 'Si Antes Te Hubiera Conocido', 'KAROL G');
+INSERT INTO singles (rank, title, artist) VALUES (9, 'Good Luck, Babe!', 'Chappell Roan');
+INSERT INTO singles (rank, title, artist) VALUES (10,' Beautiful Things', 'Benson Boone');
+
+CREATE TABLE flags (
+    secret VARCHAR(255) NOT NULL,
+    PRIMARY KEY (secret)
+);
+
+INSERT INTO flags (secret) VALUES ('1NJ3CT10N');