Having problems with SQL injection with mysqli extension PHP

I am new to SQL injections, and people on Reddit asked me do the portswigger labs. Which I did up till before 2nd order ones. So I am pretty comfortable with usual SQL injections.

Now I have myself made a PHP website using mysqli extensions instead of mysql. So for example, a basic Query execution looks like:

//mysqli// $ result = mysqli_query($ conn, $ qry); instead of $ result = mysql_query($ qry);

========================================================================

So I asked others and found out that without proper sanitization or separate query builders, mysqli extension is as vulnerable as mysql extension. So, the app I made is too basic. It’s just querying the DB and spitting out results. It’s that simple. No sanitization is done.

But executing basic payloads like ‘+or+1=1–+ or anything basic, gives me the error:

mysqli_error() expects exactly 1 parameter, 0 given

So I tried a lot and can’t get past this error for anything I try. I simply can’t execute injections with mysqli extension. Any help is highly appreciated.

Thank You.

Attacked by ransomware that has encrypted and renamed all files with a .makop extension

I’ve spent several hours searching the internet to see if anyone has cracked this encryption yet, but without any luck. I don’t want to reward criminals for their activity, but I do have a few files that I absolutely need. Besides finding a decryptor or paying the ransom, do I have any other options for recovering my files? I have been able to successfully restore a couple of systems from backups, but my personal system wasn’t backed up and has temporarily housed important files.

I’m somewhat familiar with best practices of backing up important files and/or saving to the cloud, but I will definitely be more vigilant in the future. It was mostly due to the ‘it will never happen to me’ mindset.

Relevant information:

  • I’ve identified how they got in, and have reset the password on that account (and all other accounts just in case).
  • I did have malware bytes and sophos installed. Looking at the Event Viewer, there are logs of both of these software being successfully uninstalled.
  • The files are renamed like this: originalFileName.orig.[8-digit-hex].[ruthlessencry@qq.com].makop
  • The ransom note file says to contact them at ruthlessencry@qq.com to pay them in bitcoins.
  • They’ll decrypt a couple of files for free, and then send me a scanner-decoder program after being paid.

Chrome Extension: document.querySelector(‘button’).click() is not working on button created on React

I want from extension to click the button but button click event is not working as if i use JS DOM Methods:

getElementsByClassName('button')[0].click(); // Not working //or document.querySelector('button').click(); // Not working   

The problem is that button is created either on “React.js“, so i think that causes not to happen the button click event.

Please suggest me any solution for this problem.

Thanks.

Chrome extension differences: Urban Shield VS Urban Free VPN proxy Unblocker

What’s the difference between these two Chrome extensions, which provide VPN functionality for browsing via Chrome:

Urban Shield: https://chrome.google.com/webstore/detail/urban-shield/almalgbpmcfpdaopimbdchdliminoign?hl=en

Urban Free VPN proxy Unblocker: https://chrome.google.com/webstore/detail/urban-free-vpn-proxy-unbl/eppiocemhmnlbhjplcgkofciiegomcon

They are both developed by the same company, but I couldn’t find any explanation regarding the differences between the two.

Would it be a big security vulnerability if someone wrote a browser extension to retrieve personal information on Google’s behalf?

I am a 6th grader working in a project and came across the following question:
On most browsers, you can inject JavaScript code into the browser, for example by typing in javascript:alert(‘Injecting javascript code’). On Google Chrome, if you do this on Google Drive, instead of the title being “drive.google.com says”, the title is “Google Drive”. Would this be a security threat in any way if someone wrote a malicious extension to ask for personal information on Google’s behalf?

Using Beyond20 extension – How to connect your sheet to the VTT?

I recently discovered the Beyond20 browser extension and have installed it. The extension is supposed to make it so you can “roll” from your DNDbeyond character sheet and it will do the roll in your VTT (Roll20 for me.)

I’ve verified that my Roll20 character sheet is the dnd5e by Roll20 that it uses, but any time I click on a roll, it doesn’t roll in Roll20.

Is there something I’m missing or a step where the Roll20 token is linked to it? I’d really like to not track two character sheets, but can’t seem to get it to work.

SEO Rewrite , URI Without .php Extension To file [duplicate]

I have website with this output Link :

https://domain1.net/estates.php?estname=XXXX&location=YYYYY 

I want change it to :

https://domain1.net/XXXXX/YYYYY 

I try it with following rewrite rule :

RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^/]*)/([^/]*)/?$   /estates.php?estname=$  1&location=$  2 [L] 

or

RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^-]*)/([^-]*)/?$   /estates.php?estname=$  1&location=$  2 [L] 

but result not work fins , means when test it site design break down and pic and CSS element not loading .