"The best cyber film of the year!" -- Which year? Every year. #HackThePlanet #BeKindRewind pic.twitter.com/ZNCigxXgds
#iZombie is Certified Fresh
at 91% ---> http://tmto.es/KsHyX @iZombieWriters @RobThomas 
#Tomatometer
Xpath in #EdgeHTML using CSS selectors and WGX (Wicked Good XPath) http://blogs.msdn.com/b/ie/archive/2015/03/19/improving-interoperability-with-dom-l3-xpath.aspx … The tech here is amazing. #ICodeReviewedThat
People only care about International Men's Day on International Women's Day
(continued) #HappyWomensDay pic.twitter.com/vbipruBswJ
Lots of questions about my #ES6
arrow functions assertions. Here's full context (and some cleanup/clarifications): https://github.com/getify/You-Dont-Know-JS/blob/master/es6%20%26%20beyond/ch2.md#arrow-functions …
Harris' Phone/Foam Corner is one of the best part of #ComedyBangBang. http://youtu.be/AweVgPJhVFQ #RIPHarrisWittels
"hey, is that a new Lenovo laptop you've got there?" "well, sort of. it's
pre-owned." #superfish
Historical note for #mshtml is that cells did Excel style col/row indexing. Either single A7, or range A7:C12, Try it http://jsfiddle.net/16xcvwag/1/
This Will Change The Way You Watch ‘Fight Club’ http://www.clickhole.com/r/1803tsd #NSFW pic.twitter.com/cnBwtF1QqC
Stripe's web security CTF's level 0 and level 3 had SQL injection solutions described below.
Basically this. 
Summary of Scalia’s dissent. 
Old war. New battlefield. 
Stopped at the roadside for a 
app.get('/*', function(req, res) {
var namespace = req.param('namespace');
if (namespace) {
var query = 'SELECT * FROM secrets WHERE key LIKE ? || ".%"';
db.all(query, namespace, function(err, secrets) {There's no input validation on the namespace parameter and it is injected into the SQL query with no encoding applied. This means you can use the '%' character as the namespace which is the wildcard character matching all secrets.
Code review red flag was using strings to query the database. Additional levels made this harder to exploit by using an API with objects to construct a query rather than strings and by running a query that only returned a single row, only ran a single command, and didn't just dump out the results of the query to the caller.
@app.route('/login', methods=['POST'])
def login():
username = flask.request.form.get('username')
password = flask.request.form.get('password')
if not username:
return "Must provide username\n"
if not password:
return "Must provide password\n"
conn = sqlite3.connect(os.path.join(data_dir, 'users.db'))
cursor = conn.cursor()
query = """SELECT id, password_hash, salt FROM users
WHERE username = '{0}' LIMIT 1""".format(username)
cursor.execute(query)
res = cursor.fetchone()
if not res:
return "There's no such user {0}!\n".format(username)
user_id, password_hash, salt = res
calculated_hash = hashlib.sha256(password + salt)
if calculated_hash.hexdigest() != password_hash:
return "That's not the password for {0}!\n".format(username)There's little input validation on username before it is used to constrcut a SQL query. There's no encoding applied when constructing the SQL query string which is used to, given a username, produce the hashed password and the associated salt. Accordingly one can make username a part of a SQL query command which ensures the original select returns nothing and provide a new SELECT via a UNION that returns some literal values for the hash and salt. For instance the following in blue is the query template and the red is the username injected SQL code:
SELECT id, password_hash, salt FROM users WHERE username = 'doesntexist' UNION SELECT id, ('5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8') AS password_hash, ('word') AS salt FROM users WHERE username = 'bob' LIMIT 1Code review red flag is again using strings to query the database. Although this level was made more difficult by using an API that returns only a single row and by using the execute method which only runs one command. I was forced to (as a SQL noob) learn the syntax of SELECT in order to figure out UNION and how to return my own literal values.
Some rights reserved