Commit 1593e47f authored by martin.birlouez.etu's avatar martin.birlouez.etu

Q4

parent a0e34311
...@@ -43,8 +43,15 @@ curl -X POST -F "chaine=Drop','8.8.8.8'); DELETE chaine WHERE 1=1 #" localhost:8 ...@@ -43,8 +43,15 @@ curl -X POST -F "chaine=Drop','8.8.8.8'); DELETE chaine WHERE 1=1 #" localhost:8
## Question 4 ## Question 4
Rendre un fichier server_correct.py avec la correction de la faille de On corrige cette faille avec la ligne suivante :
sécurité. Expliquez comment vous avez corrigé la faille. ```py
requete = "INSERT INTO chaines (txt,who) VALUES( %s , %s )"
v = (post["chaine"], cherrypy.request.remote.ip)
cursor.execute(requete, v)
```
La 1er ligne est la pour créé des requetes paramétrique et cette requette prend les parametre dans un scegond temps aprés
une verification par la librairei python.
## Question 5 ## Question 5
......
...@@ -12,14 +12,14 @@ class VulnerableApp(object): ...@@ -12,14 +12,14 @@ class VulnerableApp(object):
def index(self, **post): def index(self, **post):
cursor = self.conn.cursor() cursor = self.conn.cursor()
if cherrypy.request.method == "POST": if cherrypy.request.method == "POST":
requete = """INSERT INTO chaines (txt,who) VALUES( %s , %s )""" requete = "INSERT INTO chaines (txt,who) VALUES( %s , %s )"
v = (post["chaine"], cherrypy.request.remote.ip) v = (post["chaine"], cherrypy.request.remote.ip)
print("req: [" + requete + "]") print("req: [" + requete + "]")
cursor.execute(requete, v) cursor.execute(requete, v)
self.conn.commit() self.conn.commit()
chaines = [] chaines = []
cursor.execute("SELECT txt,who FROM chaines"); cursor.execute("SELECT txt,who FROM chaines")
for row in cursor.fetchall(): for row in cursor.fetchall():
chaines.append(row[0] + " envoye par: " + row[1]) chaines.append(row[0] + " envoye par: " + row[1])
......
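Review bot: `post["chaine"]` on the line `v = (post["chaine"], cherrypy.request.remote.ip)` raises KeyError for any POST that omits the field, which surfaces as an unhandled 500 rather than a client error; reading it as `txt = post.get("chaine")` and answering `if txt is None: raise cherrypy.HTTPError(400)` before touching the cursor would reject such requests cleanly. The parameterized `cursor.execute(requete, v)` is the right fix for the injection, so the remaining concern is the read path: `chaines.append(row[0] + " envoye par: " + row[1])` concatenates stored user-supplied text straight into the response, and if the rest of `index` (its body continues past the hunk) emits this as HTML, the stored text should go through `html.escape(row[0])` so it is shown as text rather than interpreted as markup. The `print("req: [" + requete + "]")` now logs only the query template, which is fine, but a `logging` call would be easier to turn off than a bare print.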