{"id":55423,"date":"2022-08-25T09:23:43","date_gmt":"2022-08-25T01:23:43","guid":{"rendered":"https:\/\/version-2.com\/?p=55423"},"modified":"2022-09-29T17:41:16","modified_gmt":"2022-09-29T09:41:16","slug":"primer-on-sql-injection","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/08\/primer-on-sql-injection\/","title":{"rendered":"Primer on SQL Injection"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

Intro<\/h3>

Our goal here is to explain what SQL Injection means, how it works, and what types of SQLi exist. With so many applications talking on the internet, while also having some sort of database on the backend, SQL Injection is something you should always think of.<\/p>

There\u2019s too many production systems that are internet-facing, and if they have a database on their backend (which they usually do), you would probably want to mitigate this risk in any way possible.<\/p>

 <\/h3>

What is SQL Injection?<\/h3>

SQLi, or short for SQL Injection is an attack on a database of a webapp. SQL Injection means that the malicious query gets executed \u2013 injected. This happens when we don\u2019t validate properly, not sanitizing our user inputs, or not using stored procedures, for example. When we don\u2019t do this, we allow the user input to be sent from their browser \u2013 or our webapp\u2019s frontend \u2013 to the backend of the app, where the database lives, which then gets executed. The idea here is to have some sort of control, so that our app will evaluate the given input to see if it\u2019s valid, before letting the query be executed. Ideally, if the input is not valid, it would just not let the user execute. If we don\u2019t do this, we will be vulnerable to the SQL injection.<\/p>

When this attack is successful, there\u2019s a risk of stuff within the webapp database being deleted, altered, stolen, or used to further attack other areas of the application. SQL injection, even though its one of the oldest vulnerabilities, as you can infer, can be particularly devastating for us.<\/p>

Let\u2019s try and briefly illustrate how an SQL injection would look like, using one of the simplest types of SQL injection \u2013 in-band SQLi.<\/p>

For example, imagine the query below should return personal data of the current user \u2013 call him user1, and display it:<\/p>

SELECT * FROM users WHERE user_id LIKE \u2018user1\u2019<\/code><\/pre>
If we allow this query to be executed in our app, our attacker could simply say %\u2019– <\/strong>which would in turn send the following query to our database:<\/p>
SELECT * FROM users WHERE user_id LIKE \u2018%\u2019--\u2019<\/code><\/pre>
Since in SQL the two dashes are used to comment out the rest of the line that follows, our app would actually execute the following query:<\/p>
SELECT * FROM users WHERE user_id \u2018%\u2019<\/code><\/pre>
The percent sign in SQL is a wildcard, and the query above, when executed, would in turn display all <\/em>the contents in the users table.<\/p>
This is quite scary as you can see, and not at all complex to do. The example above is something that\u2019s known as in-band<\/em> SQLi.<\/p>
Types of SQLi<\/h3>
There are three main categories of SQLi: in-band SQLi<\/em>, blind SQLi<\/em>, and out-of-band SQLi<\/em>. Our example above used the in-band SQLi, but let\u2019s try and explain these three types of SQLi a bit more.<\/p>
In-band SQLi<\/h3>
This is the simplest of the three SQLi types; in-band means that our attacker, who is able to change the query to their liking, will get direct results of this changed query. Direct results implies they also get their results in the same way they performed the attack \u2013 if they did that with their browser, their browser would also display the results of the query.<\/p>
Subcategories include error-based SQLi<\/em> and union-based SQLi<\/em>.<\/p>
Blind SQLi<\/h3>
Contrary to the in-band SQLi, with blind SQLi we get no feedback, or very little response as to the success of the injected query. One of the most well known examples of the blind SQLi is the \u2018 OR 1=1;– <\/strong>(which is also a subcategory of blind SQLi called Boolean SQLi). 1=1 is always a true statement, and when combined with the OR operator, this query will also be true, which can end up being enough for the logic of our web application that would in turn believe that it found a valid username\/password combination, thus allowing access.<\/p>
This can be used to bypass authentication \u2013 letting us through the login screen; login forms that are connected to the user database are often made in such a way that the application doesn\u2019t really care what username\/password is given to it, rather that the two are matched successfully in the respective table.<\/p>
You can think of it as our application asking the database if there is such a combination of the username\/password (not what the contents are) and the response from the database is either true or false. If true, we are granted access, and can login successfully.<\/p>
Blind SQLi query could look something like this:<\/p>
SELECT * FROM users WHERE username=\u2019 \u2018 and password=\u2019 \u2018 OR 1=1;<\/code><\/pre>
Two subcategories include: Boolean-based SQLi<\/em> and time-based SQLi<\/em><\/p>
Out-of-band SQLi<\/h3>
Not that commonly used, out-of-band SQLi needs specific features to be enabled on the database server, or in the web application\u2019s logic, that would make an external network call based on the results of the given query.<\/p>
The server would need to have commands that could trigger DNS or HTTP requests, otherwise we can\u2019t do the out-of-band SQLi.<\/p>
Further, there are two communication channels in out-of-band SQLi \u2013 one that is used to do the attack, and the other that would collect the results.<\/p>
If, however, these conditions are met, what would happen is that the attacker could make a request to the website, with their payload, then the website\/app would make an SQL query on their behalf, which gets passed to the database (the payload is passed too), and finally, the payload has a request inside it that forces the database to send back an HTTP request to the attacker\u2019s machine \u2013 containing the results.<\/p>
 <\/h3>
Preventing SQLi<\/h3>
Some of the best ways to prevent SQLi is to use, prepared statements (parametrized queries)<\/em>, input validation<\/em>, and escaping user input.<\/em><\/p>
Prepared statements (parameterized queries) \u2013<\/em> the only fully effective way to prevent all types of SQLi in web apps. (If your language doesn\u2019t support parameterized queries but your database does, you can use stored procedures instead).<\/p>
We must note that even though input validation and escaping user input can help you against SQLi, these methods are not completely bulletproof and the attacker might still find a way around them.<\/p>
Conclusion<\/h3>
We hope that this short primer on SQLi has brought the topic closer to you. The main takeaway here (we feel) is the fact that avoiding this specific vulnerability should mostly depend on your developers, specifically, crafting the appropriate prepared statements\/parameterized queries as this is the best approach \u2013 since it eliminates the vulnerability alltogether. Without it, your filters, blacklisting, or other controls, are just bigger obstacles, but not the full solution.<\/p>
#SQLi #blind #in-band #out-of-band<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
About Version 2 Digital<\/h3>
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
<\/p>\n
About VRX<\/b>
VRX <\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"
Intro Our goal here is to explain what SQL Injection me […]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-55423","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"\nPrimer on SQL Injection - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Primer on SQL Injection - Version 2\" \/>\n<meta property=\"og:description\" content=\"Intro Our goal here is to explain what SQL Injection me […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-25T01:23:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-29T09:41:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/primer-on-sql-injection\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Primer on SQL Injection\",\"datePublished\":\"2022-08-25T01:23:43+00:00\",\"dateModified\":\"2022-09-29T09:41:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/primer-on-sql-injection\\\/\"},\"wordCount\":1091,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/primer-on-sql-injection\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection\",\"name\":\"Primer on SQL Injection - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg\",\"datePublished\":\"2022-08-25T01:23:43+00:00\",\"dateModified\":\"2022-09-29T09:41:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/primer-on-sql-injection#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Primer on SQL Injection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Primer on SQL Injection - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection","og_locale":"en_US","og_type":"article","og_title":"Primer on SQL Injection - Version 2","og_description":"Intro Our goal here is to explain what SQL Injection me […]","og_url":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection","og_site_name":"Version 2","article_published_time":"2022-08-25T01:23:43+00:00","article_modified_time":"2022-09-29T09:41:16+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/08\/primer-on-sql-injection\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Primer on SQL Injection","datePublished":"2022-08-25T01:23:43+00:00","dateModified":"2022-09-29T09:41:16+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/08\/primer-on-sql-injection\/"},"wordCount":1091,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/08\/primer-on-sql-injection\/","url":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection","name":"Primer on SQL Injection - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg","datePublished":"2022-08-25T01:23:43+00:00","dateModified":"2022-09-29T09:41:16+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl6nhb4qq1xpf0mqrc9aj41dc.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/primer-on-sql-injection#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Primer on SQL Injection"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-epV","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/55423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=55423"}],"version-history":[{"count":5,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/55423\/revisions"}],"predecessor-version":[{"id":55428,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/55423\/revisions\/55428"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=55423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=55423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=55423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}