public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; tainted_2 = args[1]; tainted_3 = tainted_2; if ((4 + 2 >= 42)) { StringBuilder escape = new StringBuilder(); for (int i = 0; i < tainted_2.Length; ++i) { char current = tainted_2[i]; switch (current) { case '\\': escape.Append(@"\5c"); break; case '*': escape.Append(@"\2a"); break; case '(': escape.Append(@"\28"); break; case ')': escape.Append(@"\29"); break; case '\u0000': escape.Append(@"\00"); break; case '/': escape.Append(@"\2f"); break; default: escape.Append(current); break; } } tainted_3 = escape.ToString(); } else { {} } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; Process process = new Process(); process.StartInfo.FileName = "/bin/bash"; process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'"; process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.Start(); using (StreamReader reader = process.StandardOutput) { tainted_2 = reader.ReadToEnd(); process.WaitForExit(); process.Close(); } tainted_3 = tainted_2; if ((1 == 1)) { {} } else if (!(1 == 1)) { StringBuilder text = new StringBuilder(tainted_2); text.Replace("&", "&"); text.Replace("'", "'"); text.Replace(@"""", """); text.Replace("<", "<"); text.Replace(">", ">"); tainted_3 = text.ToString(); } else { {} } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; Process process = new Process(); process.StartInfo.FileName = "/bin/bash"; process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'"; process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.Start(); using (StreamReader reader = process.StandardOutput) { tainted_2 = reader.ReadToEnd(); process.WaitForExit(); process.Close(); } tainted_3 = tainted_2; if ((4 + 2 >= 42)) { StringBuilder escape = new StringBuilder(); for (int i = 0; i < tainted_2.Length; ++i) { char current = tainted_2[i]; switch (current) { case '\\': escape.Append(@"\5c"); break; case '*': escape.Append(@"\2a"); break; case '(': escape.Append(@"\28"); break; case ')': escape.Append(@"\29"); break; case '\u0000': escape.Append(@"\00"); break; case '/': escape.Append(@"\2f"); break; default: escape.Append(current); break; } } tainted_3 = escape.ToString(); } else if (!(4 + 2 >= 42)) { {} } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; Process process = new Process(); process.StartInfo.FileName = "/bin/bash"; process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'"; process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.Start(); using (StreamReader reader = process.StandardOutput) { tainted_2 = reader.ReadToEnd(); process.WaitForExit(); process.Close(); } tainted_3 = tainted_2; if ((4 + 2 >= 42)) { {} } else if (!(4 + 2 >= 42)) { string pattern = @"/^[0-9]*$/"; Regex r = new Regex(pattern); Match m = r.Match(tainted_2); if (!m.Success) { tainted_3 = ""; } else { tainted_3 = tainted_2; } } else { {} } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; Process process = new Process(); process.StartInfo.FileName = "/bin/bash"; process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'"; process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.Start(); using (StreamReader reader = process.StandardOutput) { tainted_2 = reader.ReadToEnd(); process.WaitForExit(); process.Close(); } tainted_3 = tainted_2; if ((Math.Sqrt(42) <= 42)) { {} } else if (!(Math.Sqrt(42) <= 42)) { {} } else { string regexSearch = new string(Path.GetInvalidFileNameChars()) + new string(Path.GetInvalidPathChars()) + ";"; Regex r = new Regex(string.Format("[{0}]", Regex.Escape(regexSearch))); tainted_3 = r.Replace(tainted_2, ""); } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; string tainted_1 = null; Process process = new Process(); process.StartInfo.FileName = "/bin/bash"; process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'"; process.StartInfo.UseShellExecute = false; process.StartInfo.RedirectStandardOutput = true; process.Start(); using (StreamReader reader = process.StandardOutput) { tainted_1 = reader.ReadToEnd(); process.WaitForExit(); process.Close(); } tainted_3 = tainted_1; string[] arr_1 = new string[4]; // declaring array //Storing value in array element arr_1[0] = null; arr_1[1] = null; arr_1[2] = null; arr_1[3] = tainted_1; foreach (string val_1 in arr_1) { if (val_1 != null) { tainted_2 = val_1; //No filtering (sanitization) tainted_3 = tainted_2; } } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }
public static void Main(string[] args) { string tainted_2 = null; string tainted_3 = null; string tainted_1 = null; tainted_1 = args[1]; tainted_3 = tainted_1; string[] arr_1 = new string[4]; // declaring array //Storing value in array element arr_1[0] = null; arr_1[1] = null; arr_1[2] = null; arr_1[3] = tainted_1; foreach (string val_1 in arr_1) { if (val_1 != null) { tainted_2 = val_1; string pattern = @"/^[0-9]*$/"; Regex r = new Regex(pattern); Match m = r.Match(tainted_2); if (!m.Success) { tainted_3 = ""; } else { tainted_3 = tainted_2; } } } //flaw string query = "(&(objectClass=person)(sn=" + tainted_3 + "))"; string strConnect = "LDAP://my.site.com/o=site,c=com"; using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){ string strResult = ""; System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query); System.DirectoryServices.DirectoryEntry CN_Result; CN_Main.AuthenticationType = AuthenticationTypes.None; foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll()) { if (ResultSearch != null) { CN_Result = ResultSearch.GetDirectoryEntry(); if ((string)CN_Result.Properties["userclass"][0] == "noname") { strResult = strResult + "Name : " + CN_Result.InvokeGet("sn"); } } } Console.WriteLine(strResult); } }