## SQL Injection – To send a file using SQLMap

Note: This is a challenge in an earlier CTF.

There is a web app where you can submit a picture with text. The app then performs an OCR and searches in a database for the text. The app is vulnerable to blind SQLi, and I have successfully tested some payloads and now wanted to automate the process using SQLMap.

I have a script that specifies a payload and generates the corresponding PNG image that can be submitted using the form on the Web. Is there a way to integrate the image generation script into SQLMap?

What I'm looking for is: SQLMap gives me a payload, I return the image and SQLMap sends the form with the file. I tried to use my script as a manipulation module, without success.

SqlMap parameters

``````    python sqlmap.py - random-agent --delay = 1 --level = 5 --risk = 3 -u "http://45.32.169.98:7372/" --data "*" --method POST - manipulate asfile
``````

asfile manipulation script

``````Import mime types

import from PIL Image, ImageDraw, ImageFont

# Create wallpaper
image = Image.new (& # 39; RGB & # 39 ;, (6000, 70), color = & # 39; white & # 39;
draw = ImageDraw.Draw (image)

font = ImageFont.truetype (& # 39; Arial.ttf & # 39 ;, size = 36)

# Start position of the message
(x, y) = (20, 10)
color = & gt; rgb (0, 0, 0) & # 39;

# Draw the message in the background
Character text ((x, y), message, pad = color, font = font)

# Save the edited image for debugging
image.save (& # 39; payload.png & # 39;)
body, headers = encode_multipart_data ({& # 39; file & # 39 ;: & # 39; payload.png & # 39;}))
print (body)

def encode_multipart_data (files):
border = & # 39; 10631893651959714515965159566 & # 39;

def get_content_type (filename):
Returns mimetypes.guess_type (filename)[0] or & # 39; image / png & # 39;

def encode_file (field_name):
Filename = files[field_name]
return (& # 39; - & + 39; + limit,
& # 39; content disposition: shape data; name = "% s"; Filename = "% s" & # 39;% (fieldname, filename),
& # 39; Content-Type:% s & # 39;% get_content_type (filename),
& # 39 ;, open (filename, & rb & # 39;). read ())

Lines = []
for the name in files:
lines.extend (encode_file (name))
lines.extend ((& # 39; -% s - & # 39;% border, & # 39; & # 39;))
body = ""
for l in lines:
body + = str (l)
body + = & # 39;  r  n & # 39;

headers = {# content-type # 39; multi-part / formatted data; border = 10631893651959714515965159566 & # 39 ;,
& # 39; content-length & # 39 ;: str (len (body))}

``````

## PHP – Advanced SQL Injection Test

As part of my cybersecurity course, I was assigned to perform a penetration test on an application form that must be vulnerable to SQL injection. If we can not get into the form that way, we'll have to make a brute force attack on that. I did not manage to look for security holes even though I use sqlmap. I wondered if anyone could help me find a better tool or better exploitation. Thank you in advance.

## at.algebraic topology – transform the injection of homotopy groups into an isomorphism

Suppose we have a contiguous CW complex $$Y$$ and $$X hookrightarrow Y$$ a coherent subcomplex. We know that inclusion induces an injection in all homotopy groups. Is it true (or under what conditions can it be true) that we can attach cells? $$Y$$ so that inclusion induces isomorphism in homotopy groups? (This will mean later that $$X$$ is a deformation retraction of the enlarged $$Y$$.)

You can still assume that the inclusion of $$X$$ is a map of loop loops. If that helps.

## waf – Requests declared in Cloudflare as "XSS, HTML Injection – Body"

Rule Name: XSS, HTML Injection – Body
Rule: `100096BHTML`

For about a week, requests that conform to this WAF rule have grown significantly on a customer's website. This is a sample graph showing only the number of these tagged requests over a 24-hour period:

This affects all types of goals. Surprisingly, static files are mainly queried for me. Each IP address requests a number of files. The number of files can vary between a few and a few hundred. The file set requested for each IP address appears to be legitimate.

Sources of inquiries are legitimate IP blocks of mobile service providers and home internet providers of the main destination countries of the website.

I wonder how I can handle this:

• I'm not sure what exactly is wrong with these requests. I suppose her body contains things he should not contain.
• If my assumption is correct, I would have to log the request bodies.
• The logging of request bodies is of crucial importance for data protection reasons (DSGVO etc.).
• It may be wrong, but how can I prove that?

## Dependency injection in C ++ Use pointer or object?

While learning C ++, based on development in modern PHP frameworks, I decided to use the dependency injection pattern with services as singletons.

For the sake of better understanding, we have the following classes:

``````Class B {
Public:
B () {};
}

Class a {
Public:
// Dependency Inject Class B into Class A
A (Bb): b (b) {}
Private:
const B b;
}

``````

In this example, I was wondering if I could perform better using a pointer instead of an object. In other words, it would be better if class `ON` was:

``````Class a {
Public:
// Dependency Inject Class B into Class A
A (B * b): b (b) {}
Private:
const B * b;
}
``````

What is the disadvantage of the pointer-based approach?

## Injection – Infected USB drives in mice

I bought a mouse on aliexpress. It was reasonably cheap. It works well enough to keep up with a mouse that I can buy here for four times the price. I know that's a familiar business model, and these mice are exactly alike.

How can I find out if malicious code is running when I use it at the same time, if I buy it here or there? F.I. a keylogger that runs simultaneously with the mouse?

## Functions – Why does an injection from a sentence to a countable sentence imply that this sentence is countable?

I read a proof, and it follows that a sentence $$A$$ is countable after finding an injection $$A$$ to a countable sentence. Why is that? I thought we have to find one Biktion from $$A$$ to prove a countable sentence $$A$$ is countable.

Should not $$A$$ His maximum countable?

## Dependency injection and shared / non-shared object and cron job

Something interesting happens with Magento2 code and I can not see what I missed. The same code works fine on the browser and not on cron.

(in the adminhtml section) I calculate the result in AnotherClass, which must depend on the value of \$ this-> myProperty.

\$ this-> myProperty is stored in MyWorkingClass and read from AnotherClass because (as I understand it) Fabric creates a new instance of AnotherClass that does not have this property set.

Everything works as expected when I start Magento in the browser. But when cron is executed (either manually in clicron: run or on schedule), the logs show unexpected results.

Every help is appreciated!

`

``````Class MyWorkingClass
{
private \$ myProperty;

...

public function doStuff (\$ params)
{
\$ result = \$ this-> someFactory-> create () -> getSomethingUseful ();
\$ this-> logEverything (\$ result);
\$ this-> myProperty = 1;
\$ result = \$ this-> someFactory-> create () -> getSomethingUseful ();
\$ this-> logEverything (\$ result);
}

public function getMyProperty ()
{
return \$ this-> myProperty;
}
...
}

Class AnotherClass
{
...

public function getSomethingUseful ()
{
\$ objectManager =  Magento  Framework  App  ObjectManager :: getInstance ();
\$ myClassObject = \$ objectManager-> get (& # 39; Vendor  Module  Model  MyWorkingClass & # 39;);
\$ myProperty = \$ myClassObject-> getMyProperty ();
if (\$ myProperty == 1) {
\$ result = 2 * 2;
return "Everything is fine now! 2 x 2 = \$ result";
}
return "Nothing works, 2 x 2 = 5";
}

} `
``````