1st challenge :
https://xss-game.appspot.com/level1/frame?query=<script>alert(1)</script>
2nd challenge :
<img src=x onerror=alert(1)>
3rd challenge :
https://xss-game.appspot.com/level3/frame#3' onerror=alert(1)>
4th challenge :

1. Security as a user: logging out immediately after using a web application is a practice recommended by OWASP.
A - True
2. Security as a user: using one browser to access sensitive web applications and another browser to browse the web freely is a practice recommended by OWASP.
A - True
3. Security as a user: tabbed browsing (browsing the web with several tabs open) increases your vulnerability to CSRF attacks.
A - True
4. Security as a user: allowing web applications to "remember" your credentials is a practice recommended by OWASP.

Your Gruyere instance id is 537325677489646067146943635839871204972.
signup : Meow / 88pFV(t.8
Create account : https://google-gruyere.appspot.com/537325677489646067146943635839871204972/newaccount.gtl
After create account : https://google-gruyere.appspot.com/537325677489646067146943635839871204972/saveprofile?action=new&uid=Meow&pw=88pFV(t.8&is_author=True
New snippet : https://google-gruyere.appspot.com/537325677489646067146943635839871204972/newsnippet.gtl
Delete snippet : https://google-gruyere.appspot.com/537325677489646067146943635839871204972/snippets.gtl#
In inspector after delete : https://google-gruyere.appspot.com/537325677489646067146943635839871204972/deletesnippet?index=0

const { verifyPassword, findByEmail } = require("../models/user");
const authRouter = require("express").Router();
authRouter.post("/checkCredentials", async (req, res) => {
  const { email, password } = req.body;
  const isEmail = await findByEmail(email);
  if (!isEmail)
    return res.status(401).json("Incorrect email or wrong password");

// folder routes
const moviesRouter = require('./movies');
const setupRoutes = (app) => {
  app.use('/api/movies', moviesRouter);
};
module.exports = {

const connection = require('./db-config');
const { setupRoutes } = require('./routes');
const express = require('express');
const app = express();
const Joi = require('joi');
const port = process.env.PORT || 3000;
connection.connect((err) => {
  if (err) {

mysql> select t.name, count(*) as nb_student
    -> from player p
    -> join team t on t.id=p.team_id
    -> group by t.name
    -> order by nb_student desc;
+------------+------------+
| name       | nb_student |
+------------+------------+
| Gryffindor |         36 |
| Slytherin  |         21 |

mysql> SELECT lastname, firstname, role, name
    -> FROM wizard
    -> JOIN player ON wizard.id=player.wizard_id
    -> JOIN team ON team.id=player.team_id
    -> ORDER BY name ASC, role ASC, lastname ASC, firstname ASC;
+-----------------+-------------+--------+------------+
| lastname        | firstname   | role   | name       |
+-----------------+-------------+--------+------------+
| Black           | Sirius      | beater | Gryffindor |
| Brown           | Lavender    | beater | Gryffindor |

const connection = require('./db-config');
const express = require('express');
const app = express();
const port = process.env.PORT || 3000;
connection.connect((err) => {
  if (err) {
    console.error('error connecting: ' + err.stack);
  } else {

const connection = require("./db-config");
const express = require("express");
const app = express();
const port = process.env.PORT || 3000;
connection.connect((err) => {
  if (err) {
    console.error("error connecting: " + err.stack);
  } else {