{"categories":["Security"],"published":"2021-02-08 22:20:19","blog_title":"\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093","title":"Missing Flavortext [DiceCTF 2021]","image_url":null,"width":"100%","author_name":"hamayanhamayan","author_url":"https://blog.hatena.ne.jp/hamayanhamayan/","url":"https://blog.hamayanhamayan.com/entry/2021/02/08/222019","description":"SQL Injection\u3063\u307d\u3044\u3002 app.post('/login', (req, res) => { if (!req.body.username || !req.body.password) { return res.redirect('/'); } if ([req.body.username, req.body.password].some(v => v.includes('\\''))) { return res.redirect('/'); } // see if user is in database const query = `SELECT id FROM users WHE\u2026","type":"rich","height":"190","blog_url":"https://blog.hamayanhamayan.com/","provider_name":"Hatena Blog","provider_url":"https://hatena.blog","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fblog.hamayanhamayan.com%2Fentry%2F2021%2F02%2F08%2F222019\" title=\"Missing Flavortext [DiceCTF 2021] - \u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\u306f\u307e\u3084\u3093\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","version":"1.0"}