From 58fca8321770c5f8fde3e1233c9dca7dfbcddb12 Mon Sep 17 00:00:00 2001
From: YAO Kassy Junior Marc Arthur
<kassy-junior-marc-arthur.yao@imt-atlantique.net>
Date: Fri, 3 Apr 2020 11:33:01 +0200
Subject: [PATCH] =?UTF-8?q?Exam=20securit=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 6 ++-
contre_mesure/test_table.sql | 79 ++++++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+), 1 deletion(-)
create mode 100644 contre_mesure/test_table.sql
diff --git a/README.md b/README.md
index af58cb5..f06083b 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,11 @@ Nous avons acquis beaucoup de notions importantes concernant la sécurité relat
$ docker run --name mysql_db -d -e MYSQL_ROOT_PASSWORD=504633 -e MYSQL_DATABASE=test mysql:5.7
$ mysql -h 172.17.0.2 -u root -p504633 test < test_table.sql
```
- Ensuite, la base de données se lance dans le container d'adresse IP *172.17.0.2*.
+ Ensuite, la base de données se lance dans le container d'adresse IP *172.17.0.2*. Vous pourrez toujours vérifier l'adresse IP de votre container de base de donnée en faisant la commande:
+ ```sh
+ $ docker ps
+ $ docker inspect ID_DU_CONTAINER | grep IPAddress
+ ```
2. Tester l'API vulnérable aux attaques SQL et XSS dans un container :
Se rendre dans le répertoire ***attack***, puis exécuter les commandes ci-dessous.
diff --git a/contre_mesure/test_table.sql b/contre_mesure/test_table.sql
new file mode 100644
index 0000000..3ed4d7c
--- /dev/null
+++ b/contre_mesure/test_table.sql
@@ -0,0 +1,79 @@
+-- phpMyAdmin SQL Dump
+-- version 5.0.2
+-- https://www.phpmyadmin.net/
+--
+-- Host: localhost
+-- Generation Time: Apr 02, 2020 at 08:20 PM
+-- Server version: 10.4.11-MariaDB
+-- PHP Version: 7.4.4
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+
+--
+-- Database: `test`
+--
+CREATE DATABASE IF NOT EXISTS `test` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+USE `test`;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+ `id` int(11) NOT NULL,
+ `nom` text DEFAULT NULL,
+ `prenom` text DEFAULT NULL,
+ `email` text DEFAULT NULL,
+ `pass` text DEFAULT NULL,
+ `diplome` text DEFAULT NULL,
+ `reve` text DEFAULT NULL,
+ `date` timestamp NOT NULL DEFAULT current_timestamp()
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Dumping data for table `users`
+--
+
+INSERT INTO `users` (`id`, `nom`, `prenom`, `email`, `pass`, `diplome`, `reve`, `date`) VALUES
+(7, 'Merheb', 'Camil', 'mail_camil@gmail.com', 'camil', 'Ingénieur', 'Machine virtuelle marche', '2020-04-02 09:19:46'),
+(8, '<script>alert(\"Faille XSS\");</script>', '<script>alert(\"Je vous ai bien eu\");</script>', '<script>alert(\"Vous êtes nuls\");</script>', 'mama', '<script>alert(\"base de donnée vulnérable\");</script>', '<script>alert(\"Trop facile\");</script>', '2020-04-02 09:45:21'),
+(9, 'yao', 'marc arthur', 'mcarthur0711@yahoo.com', '$2y$10$5EiWiVC5XJ1h2iwy/y6TuO6Fta7euEtifn6/4RLqYpOAh0NxXpVC6', 'Master', 'Devenir Ninja', '2020-04-02 10:44:08'),
+(10, 'test2', 'tata', '<script>alert("Vous êtes nuls");</script>', '$2y$10$bOnvkBsjxtx66iLHjUsiSee60hRx8P1/J.essT956tj4pX4hhtzCO', 'Master', 'Nothing', '2020-04-02 10:48:36'),
+(11, 'good ', 'user', 'user@gmail.com', '$2y$10$g.w2qdB1ZislEqAgOtswnuVk.FA0yjRMTtm.LXeYdJrLNPuH4eQ1.', 'Something', 'Nothing', '2020-04-02 11:09:26'),
+(12, 'popo', 'popi', 'user2@gmail.com', '$2y$10$mdDM4voB91cFGJyNm7gpueb0rcSjv3eq6Ew/c2wKXkuZsr1ALLoIG', 'Ingénieur', 'ninja', '2020-04-02 11:47:35');
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+ ADD PRIMARY KEY (`id`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+ MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=13;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
--
GitLab