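Below are two small SQL injection challenges adapted from real-world cases; both are clearly vulnerable to SQL injection.
Getting the flag is not hard, but what I find interesting is how to get the most information with the fewest requests.
For example, a boolean-based injection only returns true or false per request, so each request carries little information.
If you can use a union directly and dump the results, each request carries far more information.
So the goal of this challenge is to get the most information with the fewest requests.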
This is a reply to the question raised by @getify on Twitter:
here's a variation on the question... will JS engines exhibit much performance difference between these two loops?
for (var i = 0; i < 100000000; i++) {
// do some stuff, but not closure
}
for (let i = 0; i < 100000000; i++) {