Presentation is loading. Please wait.

Presentation is loading. Please wait.

Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation.

Published byJuniper Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation."— Presentation transcript:

1 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. non validés… Redirection et renvois

2 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Qu’est ce que c’est? Lorsque qu’une application web effectue une redirection en fonction d’un paramètre et accepte ces derniers sans les valider, ce qui cause de la redirection vers des sites malicieux.

3 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Raison d’utilisations 1. Hameçonnage. 2. Virus et Malware.

4 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Exemple de cas simple. Une personne met un lien sur un forum ou bien YouTube qui permet de télécharger un jeu, une musique ou « Whatever! » http://www.exemple.com/redirect.jsp?url=AttackerSite.com/download/HelloWorld.exe Si une application web possède une page «redirect.jsp», alors quelqu’un decide de vous jouer un tour… Vous recevez un Email qui vous dit que votre mot de passe a été modifier et ça vous demande si vous l’avez vraiment modifié si oui vous cliquez sur un boutton qui a ce lien… http://www.example.com/redirect.jsp?url=AttackerSite.com

5 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Devinez la faille!

6 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. [HttpPost, AllowAnonymous, ValidateAntiForgeryToken] public ActionResult LogIn(UserViewModel model, string returnUrl) { if (ModelState.IsValid) { //On devrait normalement hash le password... PasswordHasher passwordHasher = new PasswordHasher(); User user = context.Users.FirstOrNull(u => u.Email == model.Email && passwordHasher.VerifyHashedPassword(u.Password, model.Password)); if (user != null) { //User found! now log in... FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe); return Redirect(returnUrl); } else ModelState.AddModelError("", "Login details are wrong."); } // If we got this far, something failed, redisplay form return View(model); }

7 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Solution? 1.Éviter d’utiliser des redirections. 2.Ne pas utiliser de paramètre visibles pour l’utilisateur… (ViewBag par exemple) 3.Validation manuelle!

8 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. Exemple de code parfait!

9 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. [HttpPost, AllowAnonymous, ValidateAntiForgeryToken] public ActionResult LogIn(UserViewModel model, string returnUrl) { if (ModelState.IsValid) { //On devrait normalement hash le password lors du register... PasswordHasher passwordHasher = new PasswordHasher(); User user = context.Users.FirstOrNull(u => u.Email == model.Email && passwordHasher.VerifyHashedPassword(u.Password, model.Password)); if (user != null) { //User found! now log in... FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe); return RedirectToLocal (returnUrl); } else ModelState.AddModelError("", "Login details are wrong."); } //Si le model n’est pas valide… ou une erreur… return View(model); }

10 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. private ActionResult RedirectToLocal(string returnUrl) { if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl); return RedirectToAction("Index", "Home"); }

11 Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation looks best on a medium or dark colored background. The text will be hard to read on very light or very dark backgrounds. https://www.google.com/accounts/Logout?service=wise&continue=http%3A%2F%2 Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCtHoIVxn3UvjLOYGKiAee lIHIBfLQnccEAAAQASAAUNTx5Pf4_____wFgvwWCARdjYS1wdWItMDQ2NjU4MjEwO TU2NjUzMsgBBOACAKgDAaoE5AFP0NHr5cHwFmWgKNs6HNTPVk7TWSV- CDHX83dKdGSWJ2ADoZNIxUHZwjAODRyDY_7nVtpuqSLOTef4xzVxDQ2U22MNbGak3 3Ur7i2jDB8LdYt9TbC3ifsXmklY5jl3Zpq4_lP7wagVfjt0-- tNPPGTR96NGbxgPvfHMq9ZsTXpjhc_lPlnyGjlWzF8yn437iaxhGRwYLt_CymifLO2YaJP kCm9nLpONtUM- mstUSpKQrP2VjjaZkbDtuK0naLLBV37aYEY4TzWQi8fQGN47z4XgpinBCna91zQayZjn2 wxccDCl0zgBAGgBhU%26num%3D0%26sig%3DAOD64_3Qi4qG3CRVHRI5AHSkSGuL 7HJqSA%26client%3Dca-pub- 0466582109566532%26adurl%3Dhttp%3A%2F%2Fwww.youtube.com Open redirect faille de Google

Download ppt "Edit the text with your own short phrases. The animation is already done for you; just copy and paste the slide into your existing presentation. This animation."

Similar presentations

De rien. Youre welcome Je dois I have to En vacances.

De rien. Youre welcome Je dois I have to En vacances.
Youre welcome. D_ R_ De rien I have to J_ d_ Je dois.

Youre welcome. D_ R_ De rien I have to J_ d_ Je dois.
Crime © 2011 wheresjenny.com 1. Crime © 2011 wheresjenny.com 2 THEFT of stealing someones car Thief PICKPOCKET PICKPOCKETER.

Crime © 2011 wheresjenny.com 1. Crime © 2011 wheresjenny.com 2 THEFT of stealing someones car Thief PICKPOCKET PICKPOCKETER.
AFNOG - 20061 Perte du Mot de passe Enable. AFNOG - 20062 Perte du mot du mot de passe enable Comment se connecter au routeur en cas de perte du mot de.

AFNOG Perte du Mot de passe Enable. AFNOG Perte du mot du mot de passe enable Comment se connecter au routeur en cas de perte du mot de.
Les pronoms accentués Emphasizing and clarifying whom you are talking about.

Les pronoms accentués Emphasizing and clarifying whom you are talking about.
Écriture créative: raconter une histoire Comment enrichir sa production écrite.

Écriture créative: raconter une histoire Comment enrichir sa production écrite.
Imagine wave JOHN LENNON (1940-1980) - IMAGINE -

Imagine wave JOHN LENNON ( ) - IMAGINE -
1 Perte du Mot de passe Enable. AFNOG2 Perte du mot du mot de passe enable Comment se connecter au routeur en cas de perte du mot de passe enable et en.

1 Perte du Mot de passe Enable. AFNOG2 Perte du mot du mot de passe enable Comment se connecter au routeur en cas de perte du mot de passe enable et en.
10 Survival Phrases Survival Answers 3/6 With Mr Angry Potato Head and Mrs. Mildly-Angry Carrot-Face.

10 Survival Phrases Survival Answers 3/6 With Mr Angry Potato Head and Mrs. Mildly-Angry Carrot-Face.
Animation du tp2 Traitement des exceptions Le bloc try/catch/finally

Animation du tp2 Traitement des exceptions Le bloc try/catch/finally
Changing World of Work Le monde du travailil change encore... Its been a hard days night... Media/Family/Peers – Expectations about work Médias, famille,

Changing World of Work Le monde du travailil change encore... Its been a hard days night... Media/Family/Peers – Expectations about work Médias, famille,
© Mark E. Damon - All Rights Reserved Round 1Round 2 Final Jeopardy.

© Mark E. Damon - All Rights Reserved Round 1Round 2 Final Jeopardy.
Imagine theres no heaven. Imagine quil ny ait pas de paradis. Its easy if you try. Cest facile si tu essaies. No hell below us. Pas denfer sous nous.

Imagine theres no heaven. Imagine quil ny ait pas de paradis. Its easy if you try. Cest facile si tu essaies. No hell below us. Pas denfer sous nous.
1. 2 Chairing a meeting… 3 OPENING Lets get started Lets start Shall we start Lets get down to work.

1. 2 Chairing a meeting… 3 OPENING Lets get started Lets start Shall we start Lets get down to work.
(March. 6, 2003) May 26, 2006 Western Kentucky University Motifs Questions & Answers Module 3 Chambre Add Corporate Logo Here EXIT.

(March. 6, 2003) May 26, 2006 Western Kentucky University Motifs Questions & Answers Module 3 Chambre Add Corporate Logo Here EXIT.
LA QUANTITE. THE QUANTITY To express an indeterminate quantity (some), we use: De la (féminin) ex: de la viande De l (in front of mute « h » or a vowel)

LA QUANTITE. THE QUANTITY To express an indeterminate quantity (some), we use: De la (féminin) ex: de la viande De l (in front of mute « h » or a vowel)
PRMS PRMS Concepts Categorisation Tree Ticket Progression Tickets Creation Assignment Groups Notifications to the Users.

PRMS PRMS Concepts Categorisation Tree Ticket Progression Tickets Creation Assignment Groups Notifications to the Users.
Quest-ce que tu aimes faire en vacances? To be able to give detailed opinions about your holidays.

Quest-ce que tu aimes faire en vacances? To be able to give detailed opinions about your holidays.
Les pronoms “y” et “en”.

Les pronoms “y” et “en”.
Les adverbes….

Les adverbes….

Similar presentations

Ads by Google