public ActionResult SqlInjection(InsecureHelper helper)
{
string sqlToExecute = "delete from People where Id = " + helper.Statement;
string connectionString = _context.Database.Connection.ConnectionString;
int rowsAffected = 0;
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand(sqlToExecute, connection);
connection.Open();
rowsAffected = command.ExecuteNonQuery();
}
//Now reload data, set attributes and reload previous view
InsecureHelper newHelper = new InsecureHelper(_context);
newHelper.ProcessedStatement = sqlToExecute;
newHelper.RowsAffected = rowsAffected;
return(View("SqlInjection", newHelper));
}
public ActionResult XSS()
{
InsecureHelper helper = new InsecureHelper(_context);
return(View("XSS", helper));
}
public ActionResult SqlInjection()
{
InsecureHelper helper = new InsecureHelper(_context);
return(View("SqlInjection", helper));
}
