Exemple #1
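        /// <summary>
        /// Authenticates the caller against the user document and, on success, prints the
        /// requested card property from the credit-card document.
        /// </summary>
        /// <remarks>
        /// The request values "name", "pw" and "cardprop" are caller-controlled. They are
        /// compared with node values in code instead of being concatenated into an XPath
        /// expression, so quotes or XPath operators inside them cannot change which nodes
        /// are selected (XPath injection, CWE-643).
        /// </remarks>
        /// <param name="sender">Event source supplied by the page life cycle (unused).</param>
        /// <param name="e">Event data supplied by the page life cycle (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            var userDoc = new XmlDocument();
            userDoc.LoadXml(UserPwPlain);

            var creditCardDoc = new XmlDocument();
            creditCardDoc.LoadXml(UserCreditCardInfo);

            var login    = ParamUtils.GetParam(Request, "name");
            var pw       = ParamUtils.GetParam(Request, "pw");
            var cardprop = ParamUtils.GetParam(Request, "cardprop");

            // authenticate user
            // NOTE(review): the field name UserPwPlain suggests passwords are stored in clear
            // text; storing salted hashes would be preferable. Confirm against the data source.
            var account = string.Empty;

            // Empty credentials never authenticate; the original text() comparison could not
            // match an empty value either.
            if (!string.IsNullOrEmpty(login) && !string.IsNullOrEmpty(pw))
            {
                foreach (XmlNode user in userDoc.SelectNodes("//user"))
                {
                    var nameNode     = user.SelectSingleNode("name");
                    var passwordNode = user.SelectSingleNode("password");
                    var accountNode  = user.SelectSingleNode("account");

                    if (nameNode == null || passwordNode == null || accountNode == null)
                    {
                        continue;
                    }

                    var credentialsMatch =
                        string.Equals(nameNode.InnerText, login, StringComparison.Ordinal)
                        && string.Equals(passwordNode.InnerText, pw, StringComparison.Ordinal);

                    if (credentialsMatch && accountNode.InnerText.Length > 0)
                    {
                        account = accountNode.InnerText;
                        break;
                    }
                }
            }

            if (account.Length <= 0)
            {
                ParamUtils.PrintOut(SensitiveDataExposureResults, "Please login by providing a valid username and password");
            }
            else
            {
                // The requested property is matched as a literal element name, so it can only
                // ever address a direct child of the authenticated user's own record.
                // NOTE(review): if that record holds fields that must not be shown, restrict
                // cardprop to an explicit allowlist of property names.
                var creditCard = string.Empty;

                foreach (XmlNode user in creditCardDoc.SelectNodes("//user"))
                {
                    var nameNode = user.SelectSingleNode("name");

                    if (nameNode == null || !string.Equals(nameNode.InnerText, login, StringComparison.Ordinal))
                    {
                        continue;
                    }

                    foreach (XmlNode child in user.ChildNodes)
                    {
                        if (child.NodeType == XmlNodeType.Element
                            && string.Equals(child.Name, cardprop, StringComparison.Ordinal))
                        {
                            creditCard = child.InnerText;
                            break;
                        }
                    }

                    if (creditCard.Length > 0)
                    {
                        break;
                    }
                }

                ParamUtils.PrintOut(SensitiveDataExposureResults, "'" + jsEncode.Encode(login)
                                    + "' successfully logged in; your card-number is '"
                                    + jsEncode.Encode(creditCard) + "'");
            }
        }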
Exemple #2
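        /// <summary>
        /// Deserializes the "xml" request parameter into an <c>Executable</c>, runs it and
        /// prints the encoded result.
        /// </summary>
        /// <remarks>
        /// SECURITY: the XML comes straight from the request, so the caller decides every
        /// serialized member of the object whose <c>Run()</c> method is then invoked. This
        /// is deserialization of untrusted data (CWE-502); the reader hardening below does
        /// not change that. Whatever <c>Run()</c> does with those members must be validated
        /// or restricted inside <c>Executable</c> itself, which is not visible here.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page life cycle (unused).</param>
        /// <param name="e">Event data supplied by the page life cycle (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            TextEncoder jsEncode = new TextEncoder();
            // TODO:
            //https://docs.microsoft.com/en-us/dotnet/api/system.runtime.serialization.formatters.binary.binaryformatter?view=netframework-4.7.2
            var xml = ParamUtils.GetParam(Request, "xml");

            if (xml.Length > 0)
            {
                var ser_xml = new XmlSerializer(typeof(Executable));

                // State the parser policy explicitly instead of relying on framework
                // defaults: no DTDs and no external resolution for request-supplied XML.
                var readerSettings = new XmlReaderSettings
                {
                    DtdProcessing = DtdProcessing.Prohibit,
                    XmlResolver   = null
                };

                try
                {
                    // Both readers are disposable; release them even when parsing fails.
                    using (var sread = new StringReader(xml))
                    using (var xread = XmlReader.Create(sread, readerSettings))
                    {
                        var exe = (Executable)ser_xml.Deserialize(xread);
                        ParamUtils.PrintOut(DeserializeResult, "Request results: \'" + jsEncode.Encode(exe.Run()) + "\'");
                    }
                }
                catch (Exception)
                {
                    // Deliberately broad: any parse or execution failure is reported to the
                    // caller as an empty result, without error details.
                    ParamUtils.PrintOut(DeserializeResult, "Request results: \'\'");
                }
            }
        }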
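        /// <summary>
        /// Deletes the user whose id is given in the "id" request parameter and reports
        /// the outcome. An empty id or "0" means nothing is deleted.
        /// </summary>
        /// <remarks>
        /// The id is caller-controlled. It is parsed as an integer and bound as a SQL
        /// parameter instead of being interpolated into the statement text, so it can no
        /// longer alter the query (SQL injection, CWE-89).
        /// NOTE(review): nothing in this handler checks that the caller is an administrator,
        /// and the delete runs on page load from a request parameter. Confirm that
        /// authorization and CSRF protection are enforced elsewhere.
        /// </remarks>
        /// <param name="sender">Event source supplied by the page life cycle (unused).</param>
        /// <param name="e">Event data supplied by the page life cycle (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            string id = ParamUtils.GetParam(Request, "id");

            if (id.Length == 0)
            {
                id = "0";
            }

            if (id != "0")
            {
                // The original statement used the value as an unquoted literal, so valid
                // ids are numeric. Anything that does not parse deletes nothing.
                long userId;
                var isNumericId = long.TryParse(
                    id,
                    System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture,
                    out userId);

                var deleted = 0;

                if (isNumericId)
                {
                    using (var command = new SQLiteCommand("DELETE FROM users WHERE id = @id",
                                                           DatabaseUtils._con))
                    {
                        command.Parameters.AddWithValue("@id", userId);
                        deleted = command.ExecuteNonQuery();
                    }
                }

                if (deleted > 0)
                {
                    ParamUtils.PrintOut(AdminResults, "Deleted user with " + jsEncode.Encode(id));
                }
                else
                {
                    ParamUtils.PrintOut(AdminResults, string.Empty);
                }
            }
        }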
Exemple #4
        /// <summary>
        /// Publishes a single configuration entry by POSTing it to the config controller.
        /// </summary>
        /// <param name="dataId">Configuration data id; validated together with group and content.</param>
        /// <param name="group">Configuration group; passed through <c>Null2DefaultGroup</c> first.</param>
        /// <param name="tenant">Tenant; sent only when not null or whitespace.</param>
        /// <param name="appName">Application name; sent only when not null or whitespace.</param>
        /// <param name="tag">Tag; sent only when not null or whitespace.</param>
        /// <param name="betaIps">Sent as the "betaIps" header when not null or whitespace.</param>
        /// <param name="content">Configuration content to publish.</param>
        /// <returns>
        /// <c>true</c> on HTTP 200; <c>false</c> when the request throws or returns any
        /// status other than 200 or 403.
        /// </returns>
        /// <exception cref="NacosException">Thrown when the server answers 403 Forbidden.</exception>
        protected override async Task<bool> PublishConfig(string dataId, string group, string tenant, string appName, string tag, string betaIps, string content)
        {
            group = ParamUtils.Null2DefaultGroup(group);
            ParamUtils.CheckParam(dataId, group, content);

            var request = new ConfigRequest();
            request.SetDataId(dataId);
            request.SetTenant(tenant);
            request.SetGroup(group);
            request.SetContent(content);

            // The request filter chain is not applied here (the call is disabled in the
            // original), so the content read back is the content that was set above.
            content = request.GetContent();

            string path = Constants.CONFIG_CONTROLLER_PATH;

            var formFields = new Dictionary<string, string>(6)
            {
                ["dataId"]  = dataId,
                ["group"]   = group,
                ["content"] = content
            };

            if (tenant.IsNotNullOrWhiteSpace())
            {
                formFields["tenant"] = tenant;
            }

            if (appName.IsNotNullOrWhiteSpace())
            {
                formFields["appName"] = appName;
            }

            if (tag.IsNotNullOrWhiteSpace())
            {
                formFields["tag"] = tag;
            }

            var requestHeaders = new Dictionary<string, string>(1);

            if (betaIps.IsNotNullOrWhiteSpace())
            {
                requestHeaders["betaIps"] = betaIps;
            }

            HttpResponseMessage response = null;

            try
            {
                // A configured timeout wins; otherwise fall back to the POST default.
                var timeOut = _options.DefaultTimeOut > 0 ? _options.DefaultTimeOut : POST_TIMEOUT;
                response = await HttpPost(path, requestHeaders, formFields, "", timeOut);
            }
            catch (Exception ex)
            {
                _logger?.LogWarning(
                    ex,
                    "[{0}] [publish-single] exception, dataId={1}, group={2}, tenant={3}",
                    _agent.GetName(), dataId, group, tenant);

                return false;
            }

            if (response.StatusCode == System.Net.HttpStatusCode.OK)
            {
                // NOTE(review): the published content is written to the log (shortened by
                // TruncateContent). Configuration values may hold secrets; confirm this is
                // acceptable for the log destination.
                _logger?.LogInformation(
                    "[{0}] [publish-single] ok, dataId={1}, group={2}, tenant={3}, config={4}",
                    _agent.GetName(), dataId, group, tenant, ContentUtils.TruncateContent(content));

                return true;
            }

            // Every non-OK status is logged the same way; only 403 is escalated to the caller.
            _logger?.LogWarning(
                "[{0}] [publish-single] error, dataId={1}, group={2}, tenant={3}, code={4}, msg={5}",
                _agent.GetName(), dataId, group, tenant, (int)response.StatusCode, response.StatusCode.ToString());

            if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
            {
                throw new NacosException((int)response.StatusCode, response.StatusCode.ToString());
            }

            return false;
        }
Exemple #5
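        /// <summary>
        /// Resolves a configuration value, trying the local failover file first, then the
        /// server, and finally the local snapshot.
        /// </summary>
        /// <param name="tenant">Tenant the configuration belongs to.</param>
        /// <param name="dataId">Configuration data id; validated together with the group.</param>
        /// <param name="group">Configuration group; passed through <c>Null2DefaultGroup</c> first.</param>
        /// <param name="timeoutMs">Timeout handed to the server request.</param>
        /// <returns>The content after the response filter chain has run.</returns>
        /// <exception cref="NacosException">
        /// Rethrown when the server reports <c>NacosException.NO_RIGHT</c>; other
        /// <c>NacosException</c>s are logged and the snapshot is used instead.
        /// </exception>
        /// <remarks>
        /// NOTE(review): resolved content is written to the log (shortened by
        /// TruncateContent). Configuration values may hold secrets; confirm this is
        /// acceptable for the log destination.
        /// </remarks>
        private async Task<string> GetConfigInner(string tenant, string dataId, string group, long timeoutMs)
        {
            group = ParamUtils.Null2DefaultGroup(group);
            ParamUtils.CheckKeyParam(dataId, group);
            ConfigResponse cr = new ConfigResponse();

            cr.SetDataId(dataId);
            cr.SetTenant(tenant);
            cr.SetGroup(group);

            string encryptedDataKey = string.Empty;

            // Prefer the local failover configuration.
            string content = await FileLocalConfigInfoProcessor.GetFailoverAsync(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);

            if (content != null)
            {
                _logger?.LogWarning(
                    "[{0}] [get-config] get failover ok, dataId={1}, group={2}, tenant={3}, config={4}",
                    _worker.GetAgentName(), dataId, group, tenant, ContentUtils.TruncateContent(content));

                cr.SetContent(content);

                // Fix: the failover data key was awaited but thrown away and replaced with an
                // empty string, so the filter chain never received the key for failover content.
                encryptedDataKey = await FileLocalConfigInfoProcessor.GetEncryptDataKeyFailover(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);
                cr.SetEncryptedDataKey(encryptedDataKey);

                _configFilterChainManager.DoFilter(null, cr);
                content = cr.GetContent();
                return content;
            }

            try
            {
                ConfigResponse response = await _worker.GetServerConfig(dataId, group, tenant, timeoutMs, false).ConfigureAwait(false);

                cr.SetContent(response.GetContent());
                cr.SetEncryptedDataKey(response.GetEncryptedDataKey());

                _configFilterChainManager.DoFilter(null, cr);
                content = cr.GetContent();

                return content;
            }
            catch (NacosException ioe)
            {
                // A permission failure must reach the caller; it is not masked by a snapshot.
                if (NacosException.NO_RIGHT == ioe.ErrorCode)
                {
                    throw;
                }

                _logger?.LogWarning(
                    "[{0}] [get-config] get from server error, dataId={1}, group={2}, tenant={3}, msg={4}",
                    _worker.GetAgentName(), dataId, group, tenant, ioe.ErrorMsg);
            }

            content = await FileLocalConfigInfoProcessor.GetSnapshotAync(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);

            // Fix: log after the snapshot has been read. The original logged first, when
            // content was still null from the failed failover lookup.
            _logger?.LogWarning(
                "[{0}] [get-config] get snapshot ok, dataId={1}, group={2}, tenant={3}, config={4}",
                _worker.GetAgentName(), dataId, group, tenant, ContentUtils.TruncateContent(content));

            cr.SetContent(content);

            // NOTE(review): this reads the failover data key for snapshot content; confirm
            // whether a snapshot-specific key lookup was intended.
            encryptedDataKey = await FileLocalConfigInfoProcessor.GetEncryptDataKeyFailover(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);

            cr.SetEncryptedDataKey(encryptedDataKey);

            _configFilterChainManager.DoFilter(null, cr);
            content = cr.GetContent();
            return content;
        }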
Exemple #6
 /// <summary>
 /// Removes a configuration entry through the worker after normalizing the group and
 /// validating the key parameters.
 /// </summary>
 /// <param name="tenant">Tenant the configuration belongs to.</param>
 /// <param name="dataId">Configuration data id; validated together with the group.</param>
 /// <param name="group">Configuration group; passed through <c>Null2DefaultGroup</c> first.</param>
 /// <param name="tag">Tag forwarded to the worker.</param>
 /// <returns>The result reported by the worker's <c>RemoveConfig</c>.</returns>
 private async Task<bool> RemoveConfigInner(string tenant, string dataId, string group, string tag)
 {
     group = ParamUtils.Null2DefaultGroup(group);
     ParamUtils.CheckKeyParam(dataId, group);

     var removed = await _worker.RemoveConfig(dataId, group, tenant, tag).ConfigureAwait(false);
     return removed;
 }
Exemple #7
        /// <summary>
        /// Passes the "comment" request parameter through <c>VulnerableComponent.process</c>
        /// and prints the result.
        /// </summary>
        /// <param name="sender">Event source supplied by the page life cycle (unused).</param>
        /// <param name="e">Event data supplied by the page life cycle (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            var userComment = ParamUtils.GetParam(Request, "comment");

            // NOTE(review): the processed value is printed without the jsEncode.Encode step
            // that other handlers on this page apply before PrintOut. Unless process()
            // guarantees safe output, request data reaches the response unencoded.
            var processed = vulnerable_asp_net_core.Utils.VulnerableComponent.process(userComment);

            ParamUtils.PrintOut(VulnerableComponentResults, "your comment is \'" + processed + "\'");
        }
        /// <summary>
        /// Prints the "comment" request parameter back to the caller.
        /// </summary>
        /// <param name="sender">Event source supplied by the page life cycle (unused).</param>
        /// <param name="e">Event data supplied by the page life cycle (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            var userComment = ParamUtils.GetParam(Request, "comment");

            // NOTE(review): the request value is reflected as-is (reflected XSS, CWE-79).
            // Other handlers on this page pass request data through jsEncode.Encode before
            // PrintOut; the same output encoding is needed here once the encoder is in scope.
            var message = "your comment is '" + userComment + "'";

            ParamUtils.PrintOut(XSSInput, message);
        }