using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using SecurityTestingDemo.Models;
namespace SecurityTestingDemo.Controllers
{
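/// <summary>
/// Demo controller whose actions are named after the weakness they exhibit.
/// <see cref="ReflectedXss"/> hands an unvalidated request value straight to its view;
/// <see cref="SqlInjection"/> originally spliced the <c>name</c> query value into its
/// WHERE clause by string interpolation and has been changed to a parameterised query,
/// so the untrusted value can no longer alter the SQL text.
/// </summary>
public class VulnerabilityController : Controller
{
    // Static sample data. No action in this file reads this field.
    // NOTE(review): it is private and unreferenced here; remove it if nothing else needs it.
    private readonly List<Employee> _users = new List<Employee>
    {
        new Employee { DateOfBirth = new DateTime(1971, 1, 1), Name = "User 1", PhoneNumber = "+33554468942" },
        new Employee { DateOfBirth = new DateTime(1982, 2, 2), Name = "User 2", PhoneNumber = "+43554488944" },
        new Employee { DateOfBirth = new DateTime(1993, 3, 3), Name = "User 3", PhoneNumber = "+49554486844" }
    };

    /// <summary>GET: Vulnerability — renders the default view.</summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Echoes the <paramref name="name"/> query value into the ReflectedXss view.
    /// </summary>
    /// <param name="name">Untrusted request value; <c>"-name-"</c> is substituted when it is absent.</param>
    /// <returns>The ReflectedXss view with the raw string as its model.</returns>
    /// <remarks>
    /// <c>[ValidateInput(false)]</c> switches off ASP.NET request validation for this action,
    /// so markup such as <c>&lt;script&gt;</c> reaches the model unfiltered. Nothing in this
    /// action encodes it: the view must render the model through an HTML-encoding helper
    /// (Razor's <c>@Model</c>), never through <c>@Html.Raw</c>.
    /// </remarks>
    [ValidateInput(false)]
    public ActionResult ReflectedXss(string name)
    {
        var requestedName = name ?? "-name-";
        return View("ReflectedXss", model: requestedName);
    }

    /// <summary>
    /// Lists the employees whose SupervisorId is the current user's id, optionally
    /// filtered by an exact <paramref name="name"/> match.
    /// </summary>
    /// <param name="name">Optional employee-name filter from the query string (untrusted).</param>
    /// <returns>The SqlInjection view with the matching <see cref="Employee"/> rows as its model.</returns>
    /// <remarks>
    /// The supervisor id and the name are bound as typed SQL parameters instead of being
    /// interpolated into the command text, so a value such as <c>' OR 1=1 --</c> is compared
    /// literally rather than executed. A request with no parsable user id still queries for
    /// <see cref="Guid.Empty"/>, exactly as before. NOTE(review): consider <c>[Authorize]</c>
    /// on this action so anonymous callers cannot reach the database at all.
    /// </remarks>
    public ActionResult SqlInjection(string name)
    {
        // Guid.TryParse leaves Guid.Empty when the identity is missing or is not a GUID.
        var supervisorId = Guid.Empty;
        Guid.TryParse(HttpContext.User?.Identity?.GetUserId(), out supervisorId);
        var connectionString = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

        using (var connection = new SqlConnection(connectionString))
        using (var cmd = connection.CreateCommand())
        {
            cmd.CommandText = "SELECT Id, Name, PhoneNumber, DateOfBirth FROM Employees WHERE SupervisorId = @supervisorId";
            cmd.Parameters.Add("@supervisorId", SqlDbType.UniqueIdentifier).Value = supervisorId;

            if (name != null)
            {
                // The filter is a bound NVARCHAR parameter; its value never becomes part of the SQL text.
                cmd.CommandText += " AND Name = @name";
                cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = name;
            }

            connection.Open();
            using (var reader = cmd.ExecuteReader())
            {
                var results = new List<Employee>();
                while (reader.Read())
                {
                    results.Add(new Employee
                    {
                        Id = reader.GetGuid(0),
                        Name = reader.GetString(1),
                        PhoneNumber = reader.GetString(2),
                        DateOfBirth = reader.GetDateTime(3)
                    });
                }
                return View("SqlInjection", model: results);
            }
        }
    }
}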
}