Unreal Engine 4 AI Character Pawn Entirely Unresponsive to Movement Commands

I’m new to game development and to Unreal but I cannot for the life of me get my AI character pawn to move at all using any method I know.

I’m developing a 2d Sidescroller game using a Tilemap. I have made sure collision is set up with the map and tiles, the player character can interact with it all just fine, and I made sure to widen the collision thickness of the map so that the navmesh can properly appear (as seen with the green areas).

Nav Mesh loading. AI spawns in the air and falls down so I know he isn’t overlapping with the ground Nav Mesh loading. AI spawns in the air and falls down so I know he isn't overlapping with the ground

I’ve disabled and enabled collision for the static mesh cube component in the character pawn, but he still doesn’t move. The goal is to get him to follow the player when he sees him. The pawnsensing trigger works just fine, as I had it print whenever he sees him, and he even properly gets to the point of executing the "follow player" function (the print statement works).

However, using AIMoveTo fails every time. I’ve tried putting the player as the target, the player’s worldLocation as a vector, and even an arbitrary point vector to the right of the AI but AIMoveTo fails every time.

I’ve deleted and replaced the NavMesh, and I’ve even tried completely skipping using AIMoveTo and just using Add Movement Input in both the AI Thinking Blueprint and Character Pawn Blueprint but neither make it move. I literally put an Add Movement Input function on the Pawn’s event tick but it never moves.

Any suggestions?

Code: AI Logic event is triggered every tick AI Logic event is triggered every tick

Character Pawn Tick (for debugging). Does not cause the Pawn to move Character Pawn Tick (for debugging). Does not cause the Pawn to move

What happens to a Summoned Demon when it hasn’t been given new commands?

This assumes that you use summon greater demon (Xanathar’s Guide to Everything, p. 166), and command it to attack your enemies. This summoned Balgura succeeds in killing all enemies you ordered it to, but during this time you were drawn away from the demon, and haven’t been able to issue it a new verbal command. Keep in mind, it hasn’t succeeded in breaking the spell via it’s CHA saves.

Would a Demon be able to act on it’s own accord if it hasn’t been given any new commands, and has no creatures to attack that "attacked it during the last turn."?

SQL Injection Doesn’t Sanitize But Doesn’t Execute Commands

I am currently doing a pentesting on a web application and focusing more on SQL Injection. This company I am pentesting have a functionality in which we are allowed to buy things from the vendors/suppliers registered there. When a product is added to our cart and ‘Checkout’ button is clicked, the web application will then communicate to the backend to create a cart based on specified ‘cart_id’ and INSERT it to the database. I know this is the case since when I tried to resubmit the request to the server the following error is specified:

"SQLIntegrityConstraintViolationException: Duplicate entry 'RANDOM_ALPHANUMERIC_CART_ID' for key 'idx_cart_id'" 

I tried checking for SQL Injection by adding a single quote at the end of the ‘cart_id’ and HTTP 200 is returned along with server response of a new cart_id with the single quote included. Does this mean It is not sanitizing input? I tried inserting other SQL Commands, the server will still return 200 and the commands are being printed out on the server response but not being executed. Is this web app vulnerable to SQLi (blind?)? If not, Is it possible for me to achieve other vuln such as Stored XSS?

Thank you

site does not respond to some sql injection commands [closed]

I work on a target that I know has SQL injection bug, because in this URL:


I get this answer

Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘Select * form aduan.emel’ ORDER BY transaksi_aduan.no_pendaftaran asc’ at line 11

But some sql commands, like UNION SELECT @@version-- and Union+select+NUll,null-- don’t work!

When I submit them, the server responds with error 500.

Why does this happen? I think it is the firewall, is there any way to bypass it?

Notice: I have tried all the tamper options in sqlmap, but they didn’t work and the server returned: connection timed out to the target URL or proxy

I also tried –tor but it didn’t work.

Where is the problem?

Is it possible to run commands that exist only on the host on a docker container?

We would like to harden our Docker Image and remove redundant software from it. Our Devs and Ops asked to keep some Linux tools used for debugging on the containers running on our Kubernetes Prod environment.

I’ve read this post: https://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking

And it made me wonder, is it possible to run commands that exist only on the host, on a container (which those commands have been removed from)?

If so is there a difference between commands that have been removed from the container than ones that the user don’t have permissions to run?

P.S. How do the tools in the above mentioned post work?

Thanks for the help! 🙂

Why did “terminal commands” never get a version of SQL “parameterized queries”?

I was taught horrible bad practice when I initially "learned" SQL, which baked in user-submitted input with quotes and attempted to "escape" this (in the beginning, I didn’t even escape it at all…). I then had to spend many years unlearning this, to instead do things like:

SELECT * FROM table WHERE id = $  1; 

And then the $ 1‘s data is sent separately to the database, not part of the actual query string, to make it impossible for "SQL injections" to happen.

However, terminal commands frequently need to be sent untrusted user input, such as:

generate_PDF.exe --template="a path goes here" --title-of-report="arbitrary title from user" 

Every time I have to run such a command, I’m scared to death that my "terminal argument escape" function isn’t working correctly, or has some unknown bug, so that users can make a title along the lines of "; rm -rf /; to execute arbitrary code on my machine.

This becomes even more of a serious issue when the normal "OS quotes" cannot be used, such as:

pg_dump --format custom --file "a real path" --exclude-table="schema name"."table name" 

The "schema name"."table name" part has to be provided in full from the user, and thus I have to attempt to verify the syntax myself, as it cannot just be quoted in its entirety with the "terminal argument escaper" function wrapping it all. (Even if it might be possible in this specific context, I’m talking in general and just using this as an example of when it gets "hairy".)

This has made me wonder why the terminal commands, for example in PHP (since I use this myself for everything) cannot be done like this:

pg_dump --format custom --file $  1 --exclude-table=$  2 

And then we send the actual arguments separately as an array of strings, just like with the "parameterized queries" in SQL databases?

Please note that the $ 1 and $ 2 here do not refer to PHP variables, but to "placeholders" for the "engine" which interprets this and which lives either in PHP or the OS.

Why is this not a thing? Or maybe it is, only I haven’t heard of it? I’m continuously baffled by how many things which I constantly need and use just "sit there and rot" while they keep releasing a new programming language every week which nobody uses. I feel more and more frustrated about how "stale" everything I care about seems, but this risks getting off-topic, so I’ll stick to the question I’ve just asked for now.

Can Windows CMD/DOS Commands Be Used In An OpenSSL Configuration File On Windows 10? [migrated]

I’m using OpenSSL v1.1.1g on a Windows 10 machine (I don’t know Linux – yet). Can Windows CMD/DOS commands be used in the OpenSSL configuration file or is the configuration file limited to the use of OpenSSL commands only? I assume the answer to this question is "No" since OpenSSL uses its own parser to process OpenSSL configuration files, but I’d like to have my assumption confirmed.