Tenser’s Transformations and other forms of magical damage

This question concerns a multi-classed Bard (College of Whispers)/Paladin who acquired the spell Tenser’s Transformation (henceforth TT) as a magical secret…

Could such a bard – use 1) the psychic blades feature to add damage to his/her attacks

  • AND/OR use the Paladin’s smite function to empower his/her attacks?

I understand you can’t cast spells while under the effect of TT – but can you use either of the above options to enhance damage?

Does one of the normal forms require separation of repeating clusters of values into another table?

Should the repeating values in the “Sales” table below be separated out into a second table as part of the process of database normalization? Note that none of the values are functionally dependent on each other; those values that are functionally dependent are already normalized out to other tables. I’m just not sure if there’s any benefit to separating the “clusters” of values in different domains out into a separate table since the table contains tens of millions of rows, but only a few thousand distinct combinations of these values:

LOCATION     PRODUCT         RECIPIENT     DATE       AMOUNT
New York     Cheesecake      Bill          1/1/2000   $  25.00
New York     Cheesecake      Bill          2/1/2000   $  42.00
New York     Cheesecake      Bill          3/1/2000   $  17.00
Dallas       Cheesecake      Bill          4/1/2000   $  15.00
Dallas       Cheesecake      Bill          5/1/2000   $  17.00
Dallas       Cherry Pie      Bill          6/1/2000   $  14.00
Dallas       Cherry Pie      Bill          7/1/2000   $  13.00
Dallas       Cherry Pie      Sam           8/1/2000   $  16.00

The table would be separated into a “Sale Types” table:

SALETYPE     LOCATION    PRODUCT       RECIPIENT
1            New York    Cheesecake    Bill
2            Dallas      Cheesecake    Bill
3            Dallas      Cherry Pie    Bill
4            Dallas      Cherry Pie    Sam

So that the original “Sales” table would look like this:

SALETYPE     DATE        AMOUNT
1            1/1/2000    $  25.00
1            2/1/2000    $  42.00
1            3/1/2000    $  17.00
2            4/1/2000    $  15.00
2            5/1/2000    $  17.00
3            6/1/2000    $  14.00
3            7/1/2000    $  13.00
4            8/1/2000    $  16.00

Since each unique combination of values appears approximately 1,000 times each on average, I believe that would save storage and potentially memory pressure, but my understanding of the underlying RDBMS memory optimizations is admittedly pretty limited. Would that be considered database normalization though?
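
The split described in the question above, as an added example that is not part of the original post: it loads the eight sample rows into the two proposed tables with Python's `sqlite3` and rebuilds the flat rows with a join. The table names `sale_types` and `sales`, the column types and the in-memory database are assumptions made for the illustration.

```python
import sqlite3

# The eight sample rows of the flat "Sales" table shown in the question.
FLAT_ROWS = [
    ("New York", "Cheesecake", "Bill", "1/1/2000", 25.00),
    ("New York", "Cheesecake", "Bill", "2/1/2000", 42.00),
    ("New York", "Cheesecake", "Bill", "3/1/2000", 17.00),
    ("Dallas", "Cheesecake", "Bill", "4/1/2000", 15.00),
    ("Dallas", "Cheesecake", "Bill", "5/1/2000", 17.00),
    ("Dallas", "Cherry Pie", "Bill", "6/1/2000", 14.00),
    ("Dallas", "Cherry Pie", "Bill", "7/1/2000", 13.00),
    ("Dallas", "Cherry Pie", "Sam", "8/1/2000", 16.00),
]

def decompose(rows):
    """Split flat rows into sale_types + sales; return the open connection."""
    db = sqlite3.connect(":memory:")  # assumed: throwaway in-memory database
    db.executescript("""
        CREATE TABLE sale_types (
            saletype INTEGER PRIMARY KEY,
            location TEXT NOT NULL, product TEXT NOT NULL, recipient TEXT NOT NULL,
            UNIQUE (location, product, recipient)
        );
        CREATE TABLE sales (
            saletype INTEGER NOT NULL REFERENCES sale_types(saletype),
            date TEXT NOT NULL, amount REAL NOT NULL
        );
    """)
    for loc, prod, rcpt, date, amount in rows:
        # Bound parameters only; OR IGNORE keeps one row per distinct combination.
        db.execute("INSERT OR IGNORE INTO sale_types (location, product, recipient) "
                   "VALUES (?, ?, ?)", (loc, prod, rcpt))
        (saletype,) = db.execute(
            "SELECT saletype FROM sale_types "
            "WHERE location = ? AND product = ? AND recipient = ?",
            (loc, prod, rcpt)).fetchone()
        db.execute("INSERT INTO sales VALUES (?, ?, ?)", (saletype, date, amount))
    return db

def rejoin(db):
    """Rebuild the flat rows from the two tables, in insertion order."""
    return db.execute(
        "SELECT t.location, t.product, t.recipient, s.date, s.amount "
        "FROM sales s JOIN sale_types t USING (saletype) ORDER BY s.rowid").fetchall()

def type_rows(db):
    """Return the distinct combinations with their surrogate keys."""
    return db.execute("SELECT * FROM sale_types ORDER BY saletype").fetchall()
```

The join returns exactly the original eight rows, and `sale_types` holds the four combinations with keys 1 to 4 as in the question's second table.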

How can we let customers upload filled-out forms on our website? [closed]

I’m not sure if this is the right place for this question, but here goes:

We have a website where customers can log in, and see some safety forms as PDF documents.

The idea is that they need to fill out these forms, and send them to us somehow.

Right now, there are 2 choices:

  1. We can let the customer print the form, fill it out with a pencil/pen, scan it, and upload it to us as a file
  2. We can convert the form into HTML, and have them fill out a regular HTML form

Both would work, but:

  • Option 1 is incredibly inconvenient for the customer
    • They need a printer and scanner
    • They need to go through the effort of printing and scanning potentially dozens of pages per day
  • Option 2 is incredibly inconvenient for us
    • For every Safety Form we want to show the customer, which could be dozens, each one made up of dozens of pages, we would need to spend time converting it to HTML
    • The managers running our website that have new safety forms to show the customer don’t know HTML, so they’ll constantly be bugging web developers to convert PDF files to HTML. Our web developers have better things to do than convert PDFs to HTML all day long

The only thing I can think of to make it easy for everyone is to use some sort of javascript based PDF annotation library. The customers would be able to add text directly overtop of a PDF, and hit a button to send it to us. The managers would just upload the PDF they want the customer to fill out, without needing to do anything else.

There are a few libraries that can do this that I have come across, but they all seem to be insanely expensive. pdfjs.express is $375/month. My boss would be unlikely to pay 1/10th of that as a one time fee…

Is there a free library to let someone use their browser to write text overtop of a PDF file, and send it to the server when they are done?

Failing that, are there any other ideas?

Edit: We can also do something like convert each PDF uploaded by the managers to a set of images (one image per page), show them to the customer as images, and use something like marker.js to let them modify the images. It may be a bit of work to get working, but right now, that’s my best option

How Dijkstra’s algorithm forms shortest path tree when multiple nodes have same shortest path length

I came across following problem:

Consider below graph:
enter image description here
What will be the shortest path tree starting with node $A$ returned by Dijkstra’s algorithm, if we assume priority queue is implemented as binary min heap?

My solution:

I referred Dijkstra from CLRS:
enter image description here

With A as a starting node, we will have priority queue bin min heap as follows:

A{root, 0}
    |
Rest all:{∅,∞}

(Notation: {parent in SPT, shortest path weight})

It will extract A from priority queue and add it to SPT and will relax AC and AB:

    B{A:5}
     /  \
C{A:6}  Rest all:{∅,∞}

It will extract B from priority queue and add it to SPT:

   C{A:6}
      |
Rest all:{∅,∞}

and will relax BE:

            C{A:6}
             /   \
Rest all:{∅,∞}   E{B,6}

Next it will extract C and so on. Thus the SPT will be:

enter image description here

But not:

enter image description here

Q1. Am I correct with above?
Q2. CLRS algo does not dictate which node to add to SPT if multiple of them have same shortest path weight. Hence it’s dependent on how priority queue is implemented. If no information was given about how priority queue was implemented then we cannot tell how SPT will be formed. Am I right?
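
The tie between C and E raised in Q2, as an added example that is not part of the original post: Dijkstra's algorithm run twice over the same graph with two different tie-break orders. Edges A-B=5, A-C=6 and B-E=1 are taken from the trace above; node D and the edges C-D=2 and E-D=2 are assumptions, since the question's graph image is not available, and Python's `heapq` with lazy deletion stands in for the CLRS DECREASE-KEY operation.

```python
import heapq

# Constructed graph: A-B=5, A-C=6, B-E=1 come from the question's trace;
# D and the edges C-D=2, E-D=2 are assumed so that the C/E tie has an effect.
GRAPH = {
    "A": {"B": 5, "C": 6},
    "B": {"A": 5, "E": 1},
    "C": {"A": 6, "D": 2},
    "D": {"C": 2, "E": 2},
    "E": {"B": 1, "D": 2},
}

def dijkstra(graph, source, tie_key):
    """Dijkstra with an explicit tie-break: tie_key(node) orders equal distances."""
    dist = {v: float("inf") for v in graph}
    parent = {v: None for v in graph}
    dist[source] = 0
    heap = [(0, tie_key(source), source)]
    done, order = set(), []
    while heap:
        d, _, u = heapq.heappop(heap)
        if u in done:
            continue  # stale entry left behind by an earlier relaxation
        done.add(u)
        order.append(u)
        for v, w in graph[u].items():
            if d + w < dist[v]:  # strict '<': the first node to reach v stays its parent
                dist[v] = d + w
                parent[v] = u
                heapq.heappush(heap, (dist[v], tie_key(v), v))
    return dist, parent, order

def compare():
    """Same graph and source, two tie-break policies for equal distances."""
    alphabetical = dijkstra(GRAPH, "A", tie_key=lambda n: ord(n))
    reverse = dijkstra(GRAPH, "A", tie_key=lambda n: -ord(n))
    return alphabetical, reverse
```

Both runs return the same distances, but D's parent is C when C is extracted first and E when E is extracted first, so the two shortest path trees differ.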

Hydra http-post-form when there are two forms on the page

I am trying to brute force the login credentials on the following website

<!doctype html>
<html>
    <head>
        <title>Admin Login -- Cody's First Blog</title>
    </head>
    <body>
        <h1>Admin Login</h1>
        <form method="POST">
    Username: <input type="text" name="username"><br>
    Password: <input type="password" name="password"><br>
    <input type="submit" value="Log In"><br>
    <span style="color: red;">Incorrect username or password</span></form>
        <br>
        <br>
        <hr>
        <h3>Comments</h3>
        <!--<a href="?page=admin.auth.inc">Admin login</a>-->
        <h4>Add comment:</h4>
        <form method="POST">
            <textarea rows="4" cols="60" name="body"></textarea><br>
            <input type="submit" value="Submit">
        </form>
    </body>
</html>

I have been running the hydra command

hydra **domain** http-post-form /**subdomain**/?page=admin.auth.inc:username=^USER^:password=^PASS^:F='Incorrect username or password' -L ~/Documents/SecLists/Usernames/top-usernames-shortlist.txt -P ~/Documents/SecLists/Passwords/darkweb2017-top100.txt -t 30 -w 30 -o ~/Desktop/hydra-http-post-attack.txt 

I get the output

hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-12-30 16:01:39
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 30 tasks per 1 server, overall 30 tasks, 1683 login tries (l:17/p:99), ~57 tries per task
[DATA] attacking http-post-form://**domain**:80/**subdomain**/?page=admin.auth.inc:username=^USER^:password=^PASS^:Incorrect username or password
[STATUS] 30.00 tries/min, 30 tries in 00:01h, 1653 to do in 00:56h, 30 active
[STATUS] 10.00 tries/min, 30 tries in 00:03h, 1653 to do in 02:46h, 30 active
[STATUS] 4.29 tries/min, 30 tries in 00:07h, 1653 to do in 06:26h, 30 active
[STATUS] 2.00 tries/min, 30 tries in 00:15h, 1653 to do in 13:47h, 30 active
[STATUS] 0.97 tries/min, 30 tries in 00:31h, 1653 to do in 28:29h, 30 active
[STATUS] 0.64 tries/min, 30 tries in 00:47h, 1653 to do in 43:10h, 30 active
[STATUS] 0.48 tries/min, 30 tries in 01:03h, 1653 to do in 57:52h, 30 active
[STATUS] 0.38 tries/min, 30 tries in 01:19h, 1653 to do in 72:33h, 30 active
[STATUS] 0.32 tries/min, 30 tries in 01:35h, 1653 to do in 87:15h, 30 active
[STATUS] 0.27 tries/min, 30 tries in 01:51h, 1653 to do in 101:57h, 30 active
[STATUS] 0.24 tries/min, 30 tries in 02:07h, 1653 to do in 116:38h, 30 active
[STATUS] 0.21 tries/min, 30 tries in 02:23h, 1653 to do in 131:20h, 30 active
[STATUS] 0.19 tries/min, 30 tries in 02:39h, 1653 to do in 146:01h, 30 active
[STATUS] 0.17 tries/min, 30 tries in 02:55h, 1653 to do in 160:43h, 30 active
[STATUS] 0.16 tries/min, 30 tries in 03:11h, 1653 to do in 175:25h, 30 active
[STATUS] 0.14 tries/min, 30 tries in 03:27h, 1653 to do in 190:06h, 30 active
[STATUS] 0.13 tries/min, 30 tries in 03:43h, 1653 to do in 204:48h, 30 active
[STATUS] 0.13 tries/min, 30 tries in 03:59h, 1653 to do in 219:29h, 30 active
[STATUS] 0.12 tries/min, 30 tries in 04:15h, 1653 to do in 234:11h, 30 active
[STATUS] 0.11 tries/min, 30 tries in 04:31h, 1653 to do in 248:53h, 30 active
[STATUS] 0.10 tries/min, 30 tries in 04:47h, 1653 to do in 263:34h, 30 active

Any idea what’s going wrong? It seems none of the threads are being resolved.

Can non-lycanthropes with specific alternate forms appear as hybrids?

Say a succubus from Savage Species chooses to look like a country’s queen as her alternate form. But she also wants to use her demonic claws and wings. Can she just take the queen’s appearance as her alternate form, then assume a “hybrid” appearance (the queen, but with claws; or the queen, but with wings) or would doing so require taking three separate alternate forms?

OWASP ZAP submit forms

I’m trying to find SQL injection vulnerability in DVWA with OWASP ZAP. After some clicking through the page I have a small site map:

enter image description here

I ran Active scan, Spider and AJAX spider on the GET:sqli node. As you can see in the screenshot above, SQL injection vulnerability was not found. Neither was the form action from the https://localhost:8081/vulnerabilities/sqli/ page:

enter image description here

Only if I manually submit the form, the form action shows up in the Sites tab:

enter image description here

And only if I run Active scan again, the SQL Injection vulnerability is detected.

enter image description here

Is there any way to force spider / active scan to submit forms and detect their vulnerabilities automatically?