21/01/2016
Filter, validate, sanitize all your inputs
Be stupid!
Don't try to be clever!
// FIXME: find a way to escape the flag to prevent mysql injection
// for now it is not possible but we don't
// necessarily know who will use this DAO.
$username = $_GET['name'];
$password = $_GET['password'];
$res = $mysqli->query("SELECT * FROM user WHERE name = '$username'
AND password = '$password'");
$username = "Le_suisse";
$password = "alpacas_are_not_llamas!";
$res = $mysqli->query("SELECT * FROM user WHERE name = '$username'
AND password = '$password'");
$username = "Le_suisse";
$password = "alpacas_are_not_llamas!' OR '1'='1";
$res = $mysqli->query("SELECT * FROM user WHERE name = '$username'
AND password = '$password'");
SELECT * FROM user WHERE name = 'Le_suisse' AND
password = 'alpacas_are_not_llamas!' OR '1'='1';
$sha1 = $_GET['rev'];
exec('git cat-file -p ' . $sha1, $output);
$sha1 = '660cd7; chmod -R 777 /';
exec('git cat-file -p ' . $sha1, $output);
$html = '<tr>
<td>'. $this->getLabel() .':</td>
</tr>';
return $html;
$html = '<tr>
<td>'. 'submitted_by' .':</td>
</tr>';
return $html;
$html = '<tr>
<td>'. '<script>alert("Securimag")</script>' .':</td>
</tr>';
return $html;
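The three vulnerable snippets above (the SQL query, the git exec call and the HTML label) beside their hardened form, as an added example that is not part of the original slides; it assumes an open mysqli connection in $mysqli, the mysqlnd driver (for get_result()) and a repository path $repoDir.

```php
<?php
// Added example, not from the original slides: user input is passed as data
// and never spliced into SQL, a shell command line or HTML.
// Assumes: $mysqli is an open mysqli connection (mysqlnd driver), $repoDir is
// the path of a git repository.

// 1. SQL: a prepared statement keeps name/password out of the query text, so
//    "alpacas_are_not_llamas!' OR '1'='1" is compared as a literal string.
function findUser(mysqli $mysqli, string $username, string $password): ?array {
    $stmt = $mysqli->prepare('SELECT * FROM user WHERE name = ? AND password = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 2. Shell: validate the revision against an allow-list pattern, then quote it
//    anyway; '660cd7; chmod -R 777 /' is rejected before exec() is reached.
function gitCatFile(string $repoDir, string $rev): array {
    if (!preg_match('/^[0-9a-f]{4,40}$/', $rev)) {
        throw new InvalidArgumentException('not a git object id');
    }
    $cmd = 'git -C ' . escapeshellarg($repoDir) . ' cat-file -p ' . escapeshellarg($rev);
    exec($cmd, $output, $status);
    if ($status !== 0) {
        throw new RuntimeException('git cat-file failed with status ' . $status);
    }
    return $output;
}

// 3. HTML: escape at output time, so a label of <script>alert("Securimag")</script>
//    is rendered as text instead of being executed by the browser.
function labelRow(string $label): string {
    $safe = htmlspecialchars($label, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $safe . ':</td></tr>';
}

// Usage (the $_GET values are the same untrusted inputs as in the slides):
// $user = findUser($mysqli, $_GET['name'] ?? '', $_GET['password'] ?? '');
// $out  = gitCatFile($repoDir, $_GET['rev'] ?? '');
// echo labelRow('<script>alert("Securimag")</script>');
```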
Not verifying the legitimacy of a request before a state change
Maintained and tested!