webserver – When should you give it up to perform an xss attempt on part of a website?

I wonder when you give up a user input that you want to exploit. What is going through your head and what are you hooking up with, what makes you think that the entrance has been cleaned up properly?

I have just started. So, if I test an XSS and find that it's cleaned up properly, that's when it encodes inputs like (! @ # $ % ^ & * " ' ( ) > <) with HTML entities really.

Architecture – statistics or profit give away result of the game

Imagine a coin flip game whose logic looks like this:

  • The server sends a websocket message (RESULT_MESSAGE) to the frontend resulting in a game (won / lost).
  • The server sends a Websocket message with updated aggregated statistics (STATS_MESSAGE) to the frontend.
  • The frontend responds to RESULT_MESSAGE with an animation (coin toss). In addition, the all-time statistics and the gain are updated in response to STATS_MESSAGE.

The problem with this logic is that responding to STATS_MESSAGE (gain and statistic update) betrays the result of the coin toss before the animation finishes.

Solutions I can not use:

  • Merging RESULT_MESSAGE and STATS_MESSAGE updates only the statistics / wins after the animation is completed. Because these 2 messages are generated and sent by different services.
  • Associate a particular RESULT_MESSAGE with a STATS_MESSAGE and respond to a STATS_MESSAGE only when its corresponding RESULT_MESSAGE has been processed and its animation completed. Because in reality I have several types of STATS_MESSAGES (trophies updated, statistics updated, earnings / balance updated etc.) and it is simply not practical for the frontend to keep all these messages until their respective RESULT_MESSAGES are processed.

Solutions that I've already tried, but I try to avoid:

  • If the backend sends STATS_MESSAGE with a delay, it ensures that it does not reach the frontend before the coinflip animation completes. This type encodes the behavior of the frontend (animation) in the backend.

All ideas and suggestions appreciated. Many thanks!

This will give you abandoned quality niches.

I think it's the best place for this post, if not, I apologize and the administrators please move it if necessary.

I recently found this short but accurate tutorial that brought me good benefits. I would like to share it with you now and get to know your experiences.

In order to get high-quality borrowings, we will use two online tools, Ubersuggest and ExpiredDomains.

1.- With ExpiredDomains you can search for domains that have expired recently.

2.- Then you can place the domain in Ubersuggest and see how many keys it has indexed.

3.- If there are enough keys in the domain, you can search the Google cache for the post and restore it. This creates a potential niche.

I hope it serves you.

This will give you a VOIP number that is not marked as VOIP

I would like to get a VOIP number for the US, as I currently live outside the US. I've been using Google Voice for a long time and it worked well. For privacy reasons, I want to move away from Google.

I noticed that almost all VoIP providers (voip.ms, Flowroute, Twilio and even Google Voice) are marked as "virtual" and therefore for many services the use of the phone number for logging in is not allowed. This has something against the purpose of having a phone number – since I can easily make calls without a DID number.

How can third parties recognize that a number is virtual (VOIP)? Is there any way to hide this, or is there a provider that sells numbers that are considered local to everyone else?

php – SQL query sums data from one column to another. Distinctions stored in one table as integers with names in another table. How do I give a real name?

According to the title, I execute the following SQL query:

$sql = "SELECT `Policy Area`, SUM(`Sum approved`) AS `Sum approved`
        FROM Contracts GROUP BY `Policy Area`";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // Print one line per policy area (still the numeric ID) with its summed amount
    while ($row = $result->fetch_assoc()) {
        echo "Policy area: " . $row["Policy Area"], " Total: " . $row["Sum approved"], "\n";
    }
} else {
    echo "0 results";
}

Simple enough, and I will encrypt it to essentially create a bar chart that shows the percentage of spend by policy area. However, the policy area is stored in the contract table as an ID that refers to another table that specifies the actual name.

Of course I'd rather have the full name than the ID, but how does that work?

Is it simply a matter of integrating the required additional SQL queries for the Policy Area table into the while loop?

Oracle 11g – PL/SQL query with LISTAGG() string function does not give the desired output

I hope you are well.
I'm new to Oracle PL/SQL and am trying to use the 'string aggregation function' in my query to link the values of rows with a comma ','.
This is the structure of my tables:

1) Student (STUDENT_ID, student_name, age)
2) course (course_no, description)
3) Student_Course (student_id, course_id, nomreh)

The Description column indicates the name of the course, such as algebra or math. The Nomreh column shows the grade reached by each student in each course (it is a Persian word).

This is my query:

SELECT s.student_name,
       LISTAGG(c.description, ',') WITHIN GROUP (ORDER BY c.description),
       LISTAGG(sc.nomreh, ',') WITHIN GROUP (ORDER BY sc.nomreh) AS Ranks
FROM student s
INNER JOIN student_course sc ON s.student_id = sc.student_id
INNER JOIN course c ON sc.course_id = c.course_no
GROUP BY s.student_name

I want the output to display:

[Student-name]   [Course-Description]     [Nomre]
Artin            algebra, math, sports    10,11,12

Every value in the [Nomreh] column should be exactly for this [Course] column and for that particular student. Unfortunately, my query does not return the desired output and the values in the Nomreh column are not in the correct order for the [Course-Description] column.

I was wondering if you could help me with that.
Thank you in advance.