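/// <summary>
/// Scans the text in TextBox3 with the anti-injection library. When a pattern is
/// flagged, the findings are listed in the returned message, the user name is stored
/// in session and the request is forwarded to encrypted_details.aspx; otherwise the
/// fixed login lookup against dbo.UserLogin runs.
/// </summary>
/// <param name="testSQL">Not used: the method always scans TextBox3.Text. Kept so existing callers still compile.</param>
/// <returns>"SQL injected found:" followed by one line per finding, or "Not injected !".</returns>
private String testInjection(String testSQL)  // definition of the query-testing code
    {
        TAntiSQLInjection anti = new TAntiSQLInjection(TDbVendor.DbVOracle);
        String            msg  = "";

        if (anti.isInjected(TextBox3.Text))
        {
            msg = "SQL injected found:";
            for (int i = 0; i < anti.getSqlInjections().Count; i++)
            {
                // NOTE(review): if msg is later rendered as HTML and getDescription() echoes
                // the submitted text, HTML-encode it at the point of rendering.
                msg = msg + Environment.NewLine + ("type: " + anti.getSqlInjections()[i].getType() + ", description: " + anti.getSqlInjections()[i].getDescription());
            }
            // NOTE(review): a request that trips the scanner is still given a session value
            // and forwarded to encrypted_details.aspx. Confirm this is the intended demo
            // flow and not an accidental way around the login lookup below.
            Session["Text1"] = txtUserName.Text.ToString();
            Response.Redirect("encrypted_details.aspx");
        }
        else
        {
            msg = "Not injected !";
            try
            {
                // NOTE(review): the literal '******' values can never match a real row. If they
                // stand in for concatenated txtUserName/password input, use named parameters
                // (db.AddInParameter) rather than string building. The query also appears to
                // compare a plaintext Password column; store and compare a salted hash instead.
                sqlCommand = "SELECT 'b' FROM dbo.UserLogin WHERE UserName='******' AND Password='******'";
                Database db = Utilities.GetDatabase();

                using (DbCommand dbCommand = db.GetSqlStringCommand(sqlCommand))
                {
                    oEs = db.ExecuteScalar(dbCommand);
                }

                if (oEs != null)
                {
                    strResult = oEs as string;
                }

                if (!string.IsNullOrEmpty(strResult))
                {
                    Session["Text1"]   = txtUserName.Text.ToString();
                    // The redirect ends the response, so this label text is never shown.
                    lblDisplayErr.Text = "Login successful";
                    FakeCookies();

                    Response.Redirect("details.aspx");
                }
                else
                {
                    // NOTE(review): MessageBox.Show is a desktop API. On a web server it cannot
                    // reach the browser and may block the worker thread; report the failure
                    // through the page (a label or the redirect that was commented out here).
                    //Response.Redirect("LoginPage.aspx?strErr=Invalid Username or Password");
                    MessageBox.Show("Invalid Username or Password");
                }
                HideLabel();
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect ends the request by throwing this; let it propagate.
                throw;
            }
            catch (Exception ex)
            {
                // Previously swallowed silently. Log server-side only: nothing from ex is
                // returned to the client, so provider error text cannot leak.
                System.Diagnostics.Trace.TraceError("testInjection: login lookup failed: {0}", ex);
            }
        }
        return(msg);
    }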
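    /// <summary>
    /// Scans TextBox3 with the anti-injection library. Flagged input yields an HTML
    /// report of the findings; clean input runs the fixed login lookup against
    /// dbo.tbl_users and either calls FakeCookies() or redirects to secure_login.aspx.
    /// </summary>
    /// <param name="testSQL">Not used: the method always scans TextBox3.Text. Kept so existing callers still compile.</param>
    /// <returns>HTML fragment "SQL injected found:&lt;br /&gt;…" with one Type/Description pair per finding, or "Not injected !".</returns>
    private String testInjection(String testSQL)
    {
        TAntiSQLInjection anti = new TAntiSQLInjection(TDbVendor.DbVOracle);
        String            msg  = "";

        if (anti.isInjected(TextBox3.Text))
        {
            msg = "SQL injected found:<br />";
            for (int i = 0; i < anti.getSqlInjections().Count; i++)
            {
                // msg carries <br /> markup, i.e. it is rendered as HTML. The scanner's
                // type/description text is therefore HTML-encoded: if the library echoes the
                // submitted input in a description, it must not reach the page as markup.
                String type        = System.Web.HttpUtility.HtmlEncode(Convert.ToString(anti.getSqlInjections()[i].getType()));
                String description = System.Web.HttpUtility.HtmlEncode(Convert.ToString(anti.getSqlInjections()[i].getDescription()));
                msg = msg + Environment.NewLine + ("Type: " + type + "<br />Description: " + description);
            }
        }
        else
        {
            msg = "Not injected !";
            try
            {
                // NOTE(review): the literal '******' values can never match a real row. If they
                // stand in for concatenated user input, use named parameters (db.AddInParameter)
                // rather than string building. The query also appears to compare a plaintext
                // password column; store and compare a salted hash instead.
                sqlCommand = "SELECT 'b' FROM dbo.tbl_users WHERE username='******' AND password='******'";
                Database db = Utilities.GetDatabase();

                using (DbCommand dbCommand = db.GetSqlStringCommand(sqlCommand))
                {
                    oEs = db.ExecuteScalar(dbCommand);
                }

                if (oEs != null)
                {
                    strResult = oEs as string;
                }

                if (!string.IsNullOrEmpty(strResult))
                {
                    lblDisplayErr.Text = "Login successful";
                    FakeCookies();
                }
                else
                {
                    // strErr is reflected by secure_login.aspx; that page must HTML-encode it
                    // before rendering. The value here is a fixed string, not user input.
                    Response.Redirect("secure_login.aspx?strErr=Invalid Username or Password");
                }
                HideLabel();
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect ends the request by throwing this; let it propagate.
                throw;
            }
            catch (Exception ex)
            {
                // Previously swallowed silently. Log server-side only: nothing from ex is
                // returned to the client, so provider error text cannot leak.
                System.Diagnostics.Trace.TraceError("testInjection: login lookup failed: {0}", ex);
            }
        }
        return(msg);
    }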
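    /// <summary>
    /// Test-harness entry point: scans the text in txtInputSQL with the anti-injection
    /// library. Flagged input is only reported; input the scanner passes is executed
    /// verbatim against <c>con</c> and the result set bound to GridView1.
    /// </summary>
    /// <param name="testSQL">Not used: the method always reads txtInputSQL.Text. Kept so existing callers still compile.</param>
    /// <returns>"SQL injected found:" followed by one line per finding, or "Not injected !".</returns>
    private String testInjection(String testSQL)//**************Code for Testing Query***********************
    {
        TAntiSQLInjection anti = new TAntiSQLInjection(TDbVendor.DbVOracle);
        String            msg  = "";

        if (anti.isInjected(txtInputSQL.Text))
        {
            msg = "SQL injected found:";
            for (int i = 0; i < anti.getSqlInjections().Count; i++)
            {
                msg = msg + Environment.NewLine + ("type: " + anti.getSqlInjections()[i].getType() + ", description: " + anti.getSqlInjections()[i].getDescription());
            }
        }
        else
        {
            msg = "Not injected !";

            // NOTE(review): by design this harness executes the submitted text as SQL once the
            // scanner passes it. That is acceptable only against an isolated test database
            // with a least-privilege login; it must never be reachable in production.
            string str = txtInputSQL.Text;

            try
            {
                // Execute once. The previous version ran the statement twice (ExecuteNonQuery,
                // then ExecuteReader), which doubled the effect of any INSERT/UPDATE/DELETE.
                // ExecuteReader also runs non-query statements, so a single call covers both.
                using (SqlCommand commandObj = new SqlCommand(str, con))
                {
                    con.Open();
                    using (SqlDataReader readerObj = commandObj.ExecuteReader())
                    {
                        GridView1.DataSource = readerObj;
                        GridView1.DataBind();   // reads the reader synchronously, so it can be disposed right after
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): raw provider messages reveal object names and syntax details that
                // aid error-based injection. Keep this to the test harness; anything user-facing
                // should show a generic message and log the exception server-side.
                txtOutput0.Text = ex.Message;
            }
            finally
            {
                // Close on every path; the previous version left the connection open when
                // ExecuteReader threw. Closing an already-closed connection is a no-op.
                con.Close();
            }
        }

        return(msg);
    }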
    /// <summary>
    /// Scan-only variant: runs the text in txtInputSQL through the anti-injection
    /// library and reports the verdict. Nothing is executed against a database.
    /// </summary>
    /// <param name="testSQL">Not used: the method always reads txtInputSQL.Text. Kept so existing callers still compile.</param>
    /// <returns>"Not injected !" when the scanner finds nothing; otherwise "SQL injected found:" followed by one line per finding.</returns>
    private String testInjection(String testSQL)
    {
        TAntiSQLInjection scanner = new TAntiSQLInjection(TDbVendor.DbVOracle);

        if (!scanner.isInjected(txtInputSQL.Text))
        {
            return "Not injected !";
        }

        String verdict  = "SQL injected found:";
        var    findings = scanner.getSqlInjections();

        for (int idx = 0; idx < findings.Count; idx++)
        {
            var finding = findings[idx];
            verdict += Environment.NewLine + "type: " + finding.getType() + ", description: " + finding.getDescription();
        }

        return verdict;
    }