How can I carry out SQL insert injection when there’s a select statement beforehand

So here’s the deal. I’ve been working on an SQL injection challenge and here’s what comes up.

There’s a registration page where you input your Username, password and confirm password. It’s vulnerable to INSERT SQL injection, I’m basically trying to insert my own data and make myself and admin (admin=1). However, there is a SELECT statement before the INSERT statement that checks if the username exists in the database. The problem is, if I try inserting data with SQL injection, the SELECT statement will fail and will generate an error, and the INSERT statement will never be executed.

I’ve made an in-a-nutshell PHP code to show you how it works.

<?php     $  username = $  _POST['username'];     $  password = md5($  _POST['password']);      $  sql = mysqli_query("SELECT * FROM users WHERE username = '$  username';");     if(mysqli_num_rows($  sql) > 0 || !$  sql) {         // this code will be run if the username already exists OR an SQL error in the query above.     }     else {         $  sql = mysqli_query("INSERT INTO users (`id`,`username`,`password`,`admin`) VALUES (NULL,'$  username','$  password',0);");     } ?> 

So the thing is, if I tried signing up with the username "admintest','password',1);-- " which should in theory INSERT myself into the database as an admin, here comes the problems.

The problem, is the SELECT query. Watch what happens.

SELECT * FROM users WHERE username = 'admintest','password',1);-- '; 

This of course is a syntax-error, and as we saw by the code I provided above, an IF statement will confirm that the SQL query was a syntax error, and the INSERT statement will NEVER run.

In an ideal world, this should happen in the INSERT statement, which will insert me as an ADMIN.

INSERT INTO users (`id`,`username`,`password`,`admin`) VALUES (NULL,'admintest','password',1);-- ','password',0); 

I’ve tried to work out something that doesn’t generate a syntax error on the SELECT, and also INSERTs the data I want to insert. Would be appreciated if anyone could help out 🙂

Is there a “Shadowdark” or similar in the Shadowfell like how there’s a Feydark in the Feywild?

The Material Plane (or Prime Material Plane) has an underground realm known as the Underdark.

There are planes in 5e that were introduced in 4e, the Feywild and the Shadowfell, that are reflections of the Material Plane.

In the Feywild, there is a realm called the Feydark, which is a reflection of the Underdark of the Material Plane.

Is there an equivalent realm within the Shadowfell that is a reflection of the Underdark? A "Shadowdark" or similar?


I’m looking for lore from official 5e or 4e material, but I don’t expect there to be any such lore from editions before 4e because the Feywild and Shadowfell didn’t exist before then (although, since the Plane of Shadow from previous lore is considered to be the same as the Shadowfell, there might be something relevant from previous editions, but I’m expecting that most of the relevant information will come from 4e).

Can this Lair Action restore all the lich’s 8th or lower spell slots even when there’s no combat or any of the lich’s enemies within?

One of the Lair Actions of a lich does the following:

The lich rolls a d8 and regains a spell slot of that level or lower. If it has no spent spell slots of that level or lower, nothing happens.

A lich decided to attack the party, using some of its spell slots in the process, and then retreat to its lair to recover and await the party.

If the party manage to find the lich’s lair within 8 hours (i.e. before the lich can long rest and recover its spell slots that way), would the above Lair Action have (likely1) restored all of the lich’s spent spell slots (excluding the 9th level spell slot, obviously)?

Or is there some reason this wouldn’t work, such as the Lair Actions only being "active" when there are enemies of the lich actually in the lair (i.e. during combat)?


1 I say "likely" because there’s a dice roll involved, so technically it could not roll the numbers it needs to actually recover all its spell slots, but let’s discount that possibility as I imagine an hour or so of rolling will almost definitely roll the numbers that it needs eventually.

How can I resolve a repeatable skill check when there’s no time constraint or clear drawback from repeating it? [duplicate]

Willem Renzema’s answer to "Can you Investigate the same room twice?" and abalonemacaroni’s answer to "I failed to open a lock. Now what?" seem to lean towards the idea that if an ability check can be repeated indefinitely given enough time, a drawback should occur on each failed attempt to offset that.

But how can I resolve a repeatable skill check when there’s no time constraint or clear drawback from repeating it?

For example, making a History check in a library, lockpicking a safe that you’ve already stolen and brought back to your hostel, or making an Investigation check on an emptied dungeon, etc.

Basically, it feels like they are going to succeed in both cases, and the roll looks useless.

Stopping touchpad clicks registering as right-clicks when there’s another finger already on the pad

Often I will drag the cursor to a particular location with my right finger and then press the touchpad with my left finger to left-click, whilst my right finger is still on the pad. This works in Windows and other laptops I’ve used before, but in Ubuntu 18.04 these keep registering as right-clicks whenever my fingers are too close together. This makes clicking and dragging particularly annoying as I have to lift my other finger off the pad before initiating the click.

Basically I want to configure my touchpad to ignore the presence of a second finger when it is clicked, and just do a left click regardless, but can’t spot a relevant setting in xinput --list-props

Ad Networks: There’s “Shaving” – And Then there’s BLATANTLY RAPING Publishers…

Ok, so there's "shaving" (bad enough as it is but they all do it whether they admit it or not and they always will, just a fact) – and then there's OUTRIGHT RAPE

These screenshots are my GA of the traffic I sent VS Their dashboard. I have already emailed my AM (9 hrs ago) no response, and saw him sign in to skype, read the my messages and sign back out without replying…. So I've definitely reached out to them before opening a "scam" thread…..

GA Traffic:…

Ad Networks: There's "Shaving" – And Then there's BLATANTLY RAPING Publishers…

Foreign key constraint when there’s a navigation property to a derived class

I’m using code-first to create my databases in Entity Framework, and am using the Table per Hierarchy approach for the inheritance hierarchy for the class shown below.

When I run a migration everything works, but when I update my database I get the following error:

System.Data.SqlClient.SqlException: The INSERT statement conflicted with the FOREIGN KEY constraint “FK_dbo.BaseStatus_dbo.Rider_ID”. The conflict occurred in database “ASPNET_INSURANCE_c48b7267b7cd4bac952caa1a467ab9ae”, table “dbo.Rider”, column ‘ID’.

I have a class that has a navigation property to a derived class. (Simplified code)

    public class Rider     {        public int ID { get; set; }        public virtual DerivedStatus derivedStatus { get; set; }     } 

The derived classes with data annotations look like so:

    public class BaseStatus     {         [Key, ForeignKey("person")]         public int ID { get; set; }          [Required]         public int PersonID { get; set; }          public bool? Married { get; set; }     }      public class DerivedStatus : BaseStatus     {         public bool? HomeOwnership { get; set; }     } 

For the DbContext I have just added the following to create the table which works as expected (all properties in one table with a Discriminator column).

public DbSet<BaseStatus> Status { get; set; } 

The relationship between the Rider and the derived class is one-to-one.

I’m not sure if it’s relevant/of help, but below is part of the DbMigration file which is generated:

                CreateTable(                 "dbo.Rider",                 c => new                     {                         ID = c.Int(nullable: false, identity: true),                         CorrelationID = c.Guid(),                         derivedStatus_ID = c.Int(),                     })                 .PrimaryKey(t => t.ID)                 .ForeignKey("dbo.BaseStatus", t => t.derivedStatus_ID)                 .Index(t => t.derivedStatus_ID);  

When updating the database I’m also seeding it with some test data which I guess is when it picks up on this problem.

This is the first time I’m using inheritance in Entity and I’m not sure where the problem lies. I’ve tried dropping my database and re-running migrations as I’d read this can sometimes cause problems but I got the same error message.

Going forward there will likely be further derived classes of both the BaseStatus and Rider classes, with different derived Riders using different Status classes so any solution must be scalable.

Foreign key constraint when there’s a navigation property to a derived class

I’m using code-first to create my databases in Entity Framework, and am using the Table per Hierarchy approach for the inheritance hierarchy for the class shown below.

When I run a migration everything works, but when I update my database I get the following error:

System.Data.SqlClient.SqlException: The INSERT statement conflicted with the FOREIGN KEY constraint “FK_dbo.BaseStatus_dbo.Rider_ID”. The conflict occurred in database “ASPNET_INSURANCE_c48b7267b7cd4bac952caa1a467ab9ae”, table “dbo.Rider”, column ‘ID’.

I have a class that has a navigation property to a derived class. (Simplified code)

    public class Rider     {        public int ID { get; set; }        public virtual DerivedStatus derivedStatus { get; set; }     } 

The derived classes with data annotations look like so:

    public class BaseStatus     {         [Key, ForeignKey("person")]         public int ID { get; set; }          [Required]         public int PersonID { get; set; }          public bool? Married { get; set; }     }      public class DerivedStatus : BaseStatus     {         public bool? HomeOwnership { get; set; }     } 

For the DbContext I have just added the following to create the table which works as expected (all properties in one table with a Discriminator column).

public DbSet<BaseStatus> Status { get; set; } 

The relationship between the Rider and the derived class is one-to-one.

I’m not sure if it’s relevant/of help, but below is part of the DbMigration file which is generated:

                CreateTable(                 "dbo.Rider",                 c => new                     {                         ID = c.Int(nullable: false, identity: true),                         CorrelationID = c.Guid(),                         derivedStatus_ID = c.Int(),                     })                 .PrimaryKey(t => t.ID)                 .ForeignKey("dbo.BaseStatus", t => t.derivedStatus_ID)                 .Index(t => t.derivedStatus_ID);  

When updating the database I’m also seeding it with some test data which I guess is when it picks up on this problem.

This is the first time I’m using inheritance in Entity and I’m not sure where the problem lies. I’ve tried dropping my database and re-running migrations as I’d read this can sometimes cause problems but I got the same error message.

Going forward there will likely be further derived classes of both the BaseStatus and Rider classes, with different derived Riders using different Status classes so any solution must be scalable.

Help me prove to my boss there’s a better way to rapidly deploy applications!

I suck at programming; my historical training has been in Desktop Support/Server Administration, which I happen to excel at.

I’ve been tasked to convert 4 Microsoft Access Data Projects into JavaScript Web Applications. I’ve been in this new “Developer” position for about 2 years; I have completed 3 of the 4 applications.

I’m alone in a corner, miserable, and I’m coding in a vacuum. I have nobody to bounce ideas off of, or to learn from. The boss has established a framework that has existed for 20 years, and he “just wants me to do my job.”

We’re using JavaScript, MSSQL Stored Procedures, and a middle-man Web Service running Apache Tomcat. I’m almost blind as to what’s happening in the middle.

Here’s what I think I want to do: (note: we’re full-on admins and have a lot of flexibility with our platforms)

  1. I need a way to absolutely minimize modifications to 20-year-old Store Procedures. I absolutely hate writing code in Store Procedures. Our code is VERY database-heavy.
  2. I really wanted to learn .NET and C# instead of JavaScript
  3. I want to follow the MVC framework ideology, which I have not clue how to do
  4. I need a CSS ideology to follow for web applications. Bootstrap is too verbose, and too complicated. Remember, these are just forms based on old-school VBA Access Databases.
  5. I want to minimize the HTML & CSS that has to be written
  6. I have experience with ColdFusion. We need to keep this free, so I’m thinking about PHP. They have MVC frameworks, and supposedly connect directly to SQL.
  7. I’m also thinking about ASP.NET C# web applications, but I have no clue how it talks to SQL.
  8. I don’t know how to use GIT HUB to maintain DEV and PROD environments. Right now, I manually copy files to the webroot.

So, yeah, I’m more of a front-end guy.

It is so hard to maintain and deploy applications in this department; Our custom framework is old, and antiquated, and fights itself

Before I’m fired, quit, or move on, I really would like to prove to my boss there are better ways to do things:

What MVC framework to I research? Should I figure out PHP? OR, How does ASP .NET C# web apps connect to DBs? What CSS framework do I use for simple web forms?