Académique Documents
Professionnel Documents
Culture Documents
TRAVAUX DIRIGES
Filière : Licence 3 IRT-ESGIS Option Architecture Logicielle
Exercice 1
1
j. Password Guessing
k. Slowloris
Exercice 2
Il souhaite ta contribution pour améliorer son application afin qu’elle soit sécurisée.
Que lui conseilleras-tu ?
Exercice 3
Exercice 4
REPONSE :
En notifiant que le username est incorrect
Il n’a pas filter les données
L’utilisateur peut supprimer la ligne et mettre autre fichier autre que
php(null byte injection)
On doit éviter que dans le nom de page on puisse mettre des %00
2
3
Document 1 o
<?php
require_once ’header.php’
?>
<?php
if (isset($_POST["submit"]))
{
if (empty($_POST[’ip’]))
$error = "IP field is required.";
else
{
$ip = $_POST[’ip’];
echo "<pre>";
system("nmap −A ".$ip);
echo "</pre>";
}
}
require_once(’footer.php’);
?>
4
Document 1
$username = $_GET[’username’];
$password = $_GET[’password’] ;
$countuser = mysql_fetch_row($sqluser) ;
if ($countuser[0] == 0) {
$errormsg = "Your Username is incorrect. Please try again";
} else {
$sqlpass = mysql_query("SELECT COUNT(*) FROM users WHERE username
= ’".$username."’ AND password = ’".$password."’");
$countpass = mysql_fetch_row($sqlpass);
if ($countpass[0] == 0) {
$errormsg = "Your Password is incorrect. Please try again";
} else {
$page = $_GET[’page’];
if (file_exists(’pages/’.$page.’.php’)) {
include(’pages/’.$page.’.php’);
...
}
}
}
Document 1
$username = $_GET[’username’];
$password = $_GET[’password’] ;
$countuser = mysql_fetch_row($sqluser) ;
if ($countuser[0] == 0) {
$errormsg = "Your Username is incorrect. Please try again";
} else {
$sqlpass = mysql_query("SELECT COUNT(*) FROM users WHERE username
= ’".$username."’ AND password = ’".$password."’");
$countpass = mysql_fetch_row($sqlpass);
if ($countpass[0] == 0) {
$errormsg = "Your Password is incorrect. Please try again";
} else {
$page = $_GET[’page’];
if (file_exists(’pages/’.$page.’.php’)) {
include(’pages/’.$page.’.php’);
...
}
}
}
5
6