protected void Page_Load(object sender, EventArgs e)
{
var xml = ParamUtils.GetParam(Request, "xml");
if (xml.Length <= 0)
{
XXEResults.Text = "upload your request";
}
else
{
var resolver = new XmlUrlResolver();
resolver.Credentials = CredentialCache.DefaultCredentials;
var xmlDoc = new XmlDocument();
xmlDoc.XmlResolver = resolver;
try
{
xmlDoc.LoadXml(xml);
}
catch (Exception) { }
ParamUtils.PrintOut(XXEResults, "Results of your request: " + string.Empty);
foreach (XmlNode xn in xmlDoc)
{
if (xn.Name == "user")
{
ParamUtils.PrintOut(XXEResults, "Results of your request: " +
jsEncode.Encode(xn.InnerText));
}
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
string name = ParamUtils.GetParam(Request, "name");
string pw = ParamUtils.GetParam(Request, "pw");
string res = "";
if (name.Length > 0)
{
var command = new SQLiteCommand(string.Format("SELECT * FROM users WHERE name = '{0}' and pw = '{1}'",
name, pw), DatabaseUtils._con);
using (var reader = command.ExecuteReader())
{
while (reader.Read())
{
res += reader["name"].ToString();
}
}
ParamUtils.PrintOut(SQLResults, "Successfully logged in as " + jsEncode.Encode(res));
}
if (res.Length == 0)
{
ParamUtils.PrintOut(SQLResults, "Please login by providing a valid username and password");
}
}
protected void Page_Load(object sender, EventArgs e)
{
var XmlDoc = new XmlDocument();
XmlDoc.LoadXml(UserPwPlain);
var nav = XmlDoc.CreateNavigator();
var name = ParamUtils.GetParam(Request, "name");
var pw = ParamUtils.GetParam(Request, "pw");
var query = "string(//user[name/text()='"
+ name
+ "' and password/text() ='"
+ pw + "']/account/text())";
var expr = nav.Compile(query);
var account = Convert.ToString(nav.Evaluate(expr));
if (account.Length <= 0)
{
ParamUtils.PrintOut(XPATHInjectionResults,
"Please login by providing a valid username and password");
}
else
{
ParamUtils.PrintOut(XPATHInjectionResults,
"Successfully logged in as " + jsEncode.Encode(name));
}
}
protected void Page_Load(object sender, EventArgs e)
{
var filename = ParamUtils.GetParam(Request, "filename");
if (string.IsNullOrEmpty(filename))
{
return;
}
ParamUtils.PrintOut(ContentSummary, "Content: " + File.ReadAllText(filename));
}
protected void Page_Load(object sender, EventArgs e)
{
var name = ParamUtils.GetParam(Request, "name");
var pw = ParamUtils.GetParam(Request, "pw");
if (Users.ContainsKey(name) && Users[name] == pw)
{
ParamUtils.PrintOut(BrokenAuthenticationResults, "Successfully logged in as " + jsEncode.Encode(name));
}
else
{
ParamUtils.PrintOut(BrokenAuthenticationResults, "Please login by providing a valid username and password");
}
}
protected void Page_Load(object sender, EventArgs e)
{
var role = ParamUtils.GetParam(Request, "role");
if (!role.Equals("admin"))
{
role = "user";
}
string id = ParamUtils.GetParam(Request, "id");
if (role.Equals("admin"))
{
Response.Redirect("/Admin?id=" + jsEncode.Encode(id));
}
else
{
ParamUtils.PrintOut(BrokenAccessControlResults, "Logged in as '" + jsEncode.Encode(role) + "'");
}
}
protected void Page_Load(object sender, EventArgs e)
{
var log = "";
string Msg(string msg)
{
return(new DateTime() + ":" + msg + "</br>");
}
if (ParamUtils.GetParam(Request, "showlogs").Length > 0)
{
log += Msg("[info] user 'alice' logged in");
log += Msg("[info] user 'claire' logged out");
log += Msg("[info] user 'bob' logged in");
log += Msg("[info] user 'bob' logged out");
log += Msg("[warn] /data is almost full");
}
ParamUtils.PrintOut(InsufficientLoggingResults, log);
}
protected void Page_Load(object sender, EventArgs e)
{
var userDoc = new XmlDocument();
userDoc.LoadXml(UserPwPlain);
var loginNav = userDoc.CreateNavigator();
var creditCardDoc = new XmlDocument();
creditCardDoc.LoadXml(UserCreditCardInfo);
var creditCardNav = creditCardDoc.CreateNavigator();
var login = ParamUtils.GetParam(Request, "name");
var pw = ParamUtils.GetParam(Request, "pw");
var cardprop = ParamUtils.GetParam(Request, "cardprop");
// authenticate user
var authQuery = "string(//user[name/text()='"
+ login
+ "' and password/text() ='"
+ pw + "']/account/text())";
var account = Convert.ToString(loginNav.Evaluate(loginNav.Compile(authQuery)));
if (account.Length <= 0)
{
ParamUtils.PrintOut(SensitiveDataExposureResults, "Please login by providing a valid username and password");
}
else
{
var cardno = "string(//user[name/text()='"
+ login
+ "']/" + cardprop + "/text())";
var creditCard = Convert.ToString(creditCardNav.Evaluate(creditCardNav.Compile(cardno)));
ParamUtils.PrintOut(SensitiveDataExposureResults, "'" + jsEncode.Encode(login)
+ "' successfully logged in; your card-number is '"
+ jsEncode.Encode(creditCard) + "'");
}
}
protected void Page_Load(object sender, EventArgs e)
{
TextEncoder jsEncode = new TextEncoder();
// TODO:
//https://docs.microsoft.com/en-us/dotnet/api/system.runtime.serialization.formatters.binary.binaryformatter?view=netframework-4.7.2
var xml = ParamUtils.GetParam(Request, "xml");
if (xml.Length > 0)
{
var ser_xml = new XmlSerializer(typeof(Executable));
try
{
var sread = new StringReader(xml);
var xread = XmlReader.Create(sread);
var exe = (Executable)ser_xml.Deserialize(xread);
ParamUtils.PrintOut(DeserializeResult, "Request results: \'" + jsEncode.Encode(exe.Run()) + "\'");
}
catch (Exception)
{
ParamUtils.PrintOut(DeserializeResult, "Request results: \'\'");
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
string id = ParamUtils.GetParam(Request, "id");
if (id.Length == 0)
{
id = "0";
}
if (id != "0")
{
var command = new SQLiteCommand($"DELETE FROM users WHERE id = {id}",
DatabaseUtils._con);
if (command.ExecuteNonQuery() > 0)
{
ParamUtils.PrintOut(AdminResults, "Deleted user with " + jsEncode.Encode(id));
}
else
{
ParamUtils.PrintOut(AdminResults, string.Empty);
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
var comment = ParamUtils.GetParam(Request, "comment");
ParamUtils.PrintOut(VulnerableComponentResults, $"your comment is \'" + vulnerable_asp_net_core.Utils.VulnerableComponent.process(comment) + "\'");
}
protected void Page_Load(object sender, EventArgs e)
{
var comment = ParamUtils.GetParam(Request, "comment");
ParamUtils.PrintOut(XSSInput, $"your comment is '{comment}'");
}