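/// <summary>
        /// Checks the "name" and "pw" request values against the <c>Users</c> table and
        /// shows either a success message or a generic failure message.
        /// </summary>
        /// <remarks>
        /// Only a message is shown; this method sets no sign-in state itself.
        /// NOTE(review): the stored value is compared directly with the submitted password,
        /// so <c>Users</c> appears to hold passwords in clear text. Moving to a salted
        /// password hash needs changes outside this method.
        /// NOTE(review): if <c>RequestUtils.GetIfDefined</c> reads the query string, the
        /// password will end up in URLs and access logs. Confirm and prefer a POST body.
        /// </remarks>
        /// <returns>The default view for this action.</returns>
        public IActionResult BrokenAuthentication()
        {
            var login = RequestUtils.GetIfDefined(Request, "name");
            var pw    = RequestUtils.GetIfDefined(Request, "pw");

            // Assumes Users maps user name -> password string (TODO confirm against its declaration).
            // A single TryGetValue replaces the ContainsKey + indexer double lookup, and the
            // null guards keep a missing parameter on the normal failure path.
            bool authenticated = false;
            if (login != null && pw != null
                && Users.TryGetValue(login, out string stored)
                && stored != null)
            {
                // Compare the raw UTF-16 code units in fixed time so the response time does
                // not reveal how many leading characters of the password matched.
                // Fully qualified names are used so no new using directive is required.
                authenticated = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(stored)),
                    System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(pw)));
            }

            if (authenticated)
            {
                // The user name is attacker-controlled; keep it encoded before it reaches the page.
                Show("Successfully logged in as " + _javaScriptEncoder.Encode(login));
            }
            else
            {
                // Same message for unknown user and wrong password, so the reply does not
                // confirm which user names exist.
                Show("Please login by providing a valid username and password");
            }

            return View();
        }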
Beispiel #2
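        /// <summary>
        /// Parses the XML supplied in the "xml" request value and shows the text of every
        /// top-level node named "user".
        /// </summary>
        /// <remarks>
        /// The XML comes from the request, so it is treated as untrusted: DTD processing is
        /// prohibited and no <see cref="XmlResolver"/> is attached. The earlier code attached
        /// an <c>XmlUrlResolver</c> carrying <c>CredentialCache.DefaultCredentials</c>, which
        /// let a document's external entities make the server read local files or issue
        /// requests authenticated as the server's own identity.
        /// Any document containing a DOCTYPE is now rejected and produces an empty result.
        /// </remarks>
        /// <returns>The default view for this action.</returns>
        public IActionResult XXE()
        {
            string xml = RequestUtils.GetIfDefined(Request, "xml");

            // Also covers a null return value, which the former Length check would not survive.
            if (string.IsNullOrEmpty(xml))
            {
                ViewData["result"] = "upload your request";
                return View();
            }

            // Prohibit rejects any DOCTYPE outright, which also blocks entity-expansion
            // bombs that a null resolver alone would still allow.
            var settings = new XmlReaderSettings
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver = null
            };

            var xmlDoc = new XmlDocument();
            xmlDoc.XmlResolver = null;

            try
            {
                using (var text = new System.IO.StringReader(xml))
                using (var reader = XmlReader.Create(text, settings))
                {
                    xmlDoc.Load(reader);
                }
            }
            catch (XmlException)
            {
                // Best effort, as before: malformed or DTD-bearing input is skipped and
                // parser details are not echoed back to the client.
                // NOTE(review): no logger is visible in this method; consider recording
                // rejected documents server-side so probing attempts can be detected.
            }

            Show("Results of your request: ");

            // Enumerating the document yields its top-level nodes only.
            foreach (XmlNode xn in xmlDoc)
            {
                if (xn.Name != "user")
                {
                    continue;
                }

                // The node text is attacker-controlled; keep it encoded before it reaches the page.
                Show("Results of your request: " + _javaScriptEncoder.Encode(xn.InnerText));
            }

            return View();
        }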