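/// <summary>
/// Authenticates the caller against the user XML document and, on success,
/// prints one property of that user's credit-card record.
/// </summary>
/// <remarks>
/// The request parameters <c>name</c>, <c>pw</c> and <c>cardprop</c> are untrusted.
/// The previous version spliced them into XPath expressions, so a crafted value
/// could rewrite the predicate or the selected path (XPath injection). XPath 1.0
/// has no escape sequence for quotes inside a literal, so the values are now
/// compared in code against the parsed nodes and never become part of a query.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    var userDoc = new XmlDocument();
    userDoc.LoadXml(UserPwPlain);

    var creditCardDoc = new XmlDocument();
    creditCardDoc.LoadXml(UserCreditCardInfo);

    var login = ParamUtils.GetParam(Request, "name");
    var pw = ParamUtils.GetParam(Request, "pw");
    var cardprop = ParamUtils.GetParam(Request, "cardprop");

    // authenticate user
    // NOTE(review): the submitted password is compared directly with the stored
    // value, so the user document appears to hold plaintext passwords - confirm,
    // and prefer salted password hashes with a constant-time comparison.
    var account = string.Empty;
    foreach (XmlNode user in userDoc.SelectNodes("//user"))
    {
        if (FindChildText(user, "name", login) == null || FindChildText(user, "password", pw) == null)
        {
            continue;
        }

        account = FindChildText(user, "account", null) ?? string.Empty;
        if (account.Length > 0)
        {
            break;
        }
    }

    if (account.Length <= 0)
    {
        ParamUtils.PrintOut(SensitiveDataExposureResults, "Please login by providing a valid username and password");
        return;
    }

    // cardprop is matched as the name of a direct child element only; it can no
    // longer carry path steps or predicates.
    // NOTE(review): the caller can still name any child element of their own
    // record - consider an explicit allowlist of readable properties.
    var creditCard = string.Empty;
    foreach (XmlNode user in creditCardDoc.SelectNodes("//user"))
    {
        if (FindChildText(user, "name", login) == null)
        {
            continue;
        }

        var value = FindChildText(user, cardprop, null);
        if (value != null)
        {
            creditCard = value;
            break;
        }
    }

    ParamUtils.PrintOut(SensitiveDataExposureResults, "'" + jsEncode.Encode(login) + "' successfully logged in; your card-number is '" + jsEncode.Encode(creditCard) + "'");
}

// Returns the first text value found directly under a child element of `parent`
// named `elementName`. When `expected` is non-null, only a value equal to it
// (ordinal comparison) qualifies. Returns null when nothing qualifies.
private static string FindChildText(XmlNode parent, string elementName, string expected)
{
    foreach (XmlNode child in parent.ChildNodes)
    {
        if (child.NodeType != XmlNodeType.Element || child.Name != elementName)
        {
            continue;
        }

        foreach (XmlNode text in child.ChildNodes)
        {
            bool isText = text.NodeType == XmlNodeType.Text || text.NodeType == XmlNodeType.CDATA;
            if (isText && (expected == null || string.Equals(text.Value, expected, StringComparison.Ordinal)))
            {
                return text.Value;
            }
        }
    }

    return null;
}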
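/// <summary>
/// Deserializes the <c>xml</c> request parameter into an <c>Executable</c>,
/// runs it and prints the encoded result.
/// </summary>
/// <remarks>
/// The XML comes straight from the request, so the reader is configured
/// explicitly to refuse DTDs and external resolution rather than relying on
/// framework defaults, and both readers are disposed.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    TextEncoder jsEncode = new TextEncoder();

    // TODO: https://docs.microsoft.com/en-us/dotnet/api/system.runtime.serialization.formatters.binary.binaryformatter?view=netframework-4.7.2
    var xml = ParamUtils.GetParam(Request, "xml");
    if (xml.Length == 0)
    {
        return;
    }

    var ser_xml = new XmlSerializer(typeof(Executable));
    var readerSettings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };

    try
    {
        using (var sread = new StringReader(xml))
        using (var xread = XmlReader.Create(sread, readerSettings))
        {
            // SECURITY: the object graph is fully attacker-controlled and Run() is
            // then invoked on it. XmlSerializer limits the graph to Executable and
            // its declared members, so what a request can make this page do is
            // decided by what Executable.Run() does with those members.
            // NOTE(review): Executable is not visible here - confirm Run() cannot
            // reach process execution, file access or other sensitive operations
            // based on deserialized fields.
            var exe = (Executable)ser_xml.Deserialize(xread);
            ParamUtils.PrintOut(DeserializeResult, "Request results: \'" + jsEncode.Encode(exe.Run()) + "\'");
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort: malformed input or a failing Run() yields an
        // empty result instead of an error page. Nothing is logged here, so such
        // failures leave no trace for detection.
        ParamUtils.PrintOut(DeserializeResult, "Request results: \'\'");
    }
}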
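/// <summary>
/// Deletes the user whose id is given in the <c>id</c> request parameter and
/// prints a confirmation when a row was removed.
/// </summary>
/// <remarks>
/// The id was previously interpolated into the SQL text, which let the request
/// change the statement itself (SQL injection). It is now parsed as an integer
/// and bound as a parameter, and the command is disposed after use.
/// NOTE(review): no authorization or anti-forgery check is visible in this
/// handler although it performs a destructive admin action - confirm that
/// access control is enforced elsewhere.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string id = ParamUtils.GetParam(Request, "id");

    // An absent id and the sentinel "0" both mean "nothing to delete".
    if (id.Length == 0 || id == "0")
    {
        return;
    }

    long userId;
    bool isNumeric = long.TryParse(
        id,
        System.Globalization.NumberStyles.Integer,
        System.Globalization.CultureInfo.InvariantCulture,
        out userId);
    if (!isNumeric)
    {
        // Not an id at all: report "nothing deleted" without touching the database.
        ParamUtils.PrintOut(AdminResults, string.Empty);
        return;
    }

    using (var command = new SQLiteCommand("DELETE FROM users WHERE id = @id", DatabaseUtils._con))
    {
        command.Parameters.AddWithValue("@id", userId);

        if (command.ExecuteNonQuery() > 0)
        {
            ParamUtils.PrintOut(AdminResults, "Deleted user with " + jsEncode.Encode(id));
        }
        else
        {
            ParamUtils.PrintOut(AdminResults, string.Empty);
        }
    }
}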
/// <summary>
/// Publishes one configuration entry by POSTing it to the config controller path.
/// </summary>
/// <param name="dataId">Configuration data id.</param>
/// <param name="group">Configuration group; passed through <c>ParamUtils.Null2DefaultGroup</c> first.</param>
/// <param name="tenant">Tenant; sent only when not null or whitespace.</param>
/// <param name="appName">Application name; sent only when not null or whitespace.</param>
/// <param name="tag">Tag; sent only when not null or whitespace.</param>
/// <param name="betaIps">Beta IP list; sent as the <c>betaIps</c> header when not null or whitespace.</param>
/// <param name="content">Configuration content to publish.</param>
/// <returns><c>true</c> on HTTP 200; <c>false</c> when the request throws or any other non-403 status is returned.</returns>
/// <exception cref="NacosException">Thrown when the server answers HTTP 403 (Forbidden).</exception>
protected override async Task<bool> PublishConfig(string dataId, string group, string tenant, string appName, string tag, string betaIps, string content)
{
    group = ParamUtils.Null2DefaultGroup(group);
    ParamUtils.CheckParam(dataId, group, content);

    var request = new ConfigRequest();
    request.SetDataId(dataId);
    request.SetTenant(tenant);
    request.SetGroup(group);
    request.SetContent(content);

    // The request-side filter chain is currently disabled:
    // _configFilterChainManager.doFilter(cr, null);
    content = request.GetContent();

    var parameters = new Dictionary<string, string>(6)
    {
        ["dataId"] = dataId,
        ["group"] = group,
        ["content"] = content,
    };

    // Optional fields are only transmitted when they carry a value.
    if (tenant.IsNotNullOrWhiteSpace())
    {
        parameters["tenant"] = tenant;
    }

    if (appName.IsNotNullOrWhiteSpace())
    {
        parameters["appName"] = appName;
    }

    if (tag.IsNotNullOrWhiteSpace())
    {
        parameters["tag"] = tag;
    }

    var headers = new Dictionary<string, string>(1);
    if (betaIps.IsNotNullOrWhiteSpace())
    {
        headers["betaIps"] = betaIps;
    }

    HttpResponseMessage result = null;
    try
    {
        // A configured timeout wins; otherwise fall back to POST_TIMEOUT.
        var timeOut = _options.DefaultTimeOut > 0 ? _options.DefaultTimeOut : POST_TIMEOUT;
        result = await HttpPost(Constants.CONFIG_CONTROLLER_PATH, headers, parameters, "", timeOut);
    }
    catch (Exception ex)
    {
        _logger?.LogWarning(
            ex,
            "[{0}] [publish-single] exception, dataId={1}, group={2}, tenant={3}",
            _agent.GetName(), dataId, group, tenant);
        return false;
    }

    if (result.StatusCode == System.Net.HttpStatusCode.OK)
    {
        // NOTE(review): the (truncated) configuration content is written to the
        // log; if configs can hold credentials, confirm TruncateContent and the
        // log sink make that acceptable.
        _logger?.LogInformation(
            "[{0}] [publish-single] ok, dataId={1}, group={2}, tenant={3}, config={4}",
            _agent.GetName(), dataId, group, tenant, ContentUtils.TruncateContent(content));
        return true;
    }

    // Every non-OK status is logged the same way; only Forbidden is escalated.
    _logger?.LogWarning(
        "[{0}] [publish-single] error, dataId={1}, group={2}, tenant={3}, code={4}, msg={5}",
        _agent.GetName(), dataId, group, tenant, (int)result.StatusCode, result.StatusCode.ToString());

    if (result.StatusCode == System.Net.HttpStatusCode.Forbidden)
    {
        throw new NacosException((int)result.StatusCode, result.StatusCode.ToString());
    }

    return false;
}
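/// <summary>
/// Resolves a configuration value, trying the local failover file first, then
/// the server, and finally the local snapshot.
/// </summary>
/// <remarks>
/// Fix: the "get snapshot ok" warning used to be emitted before the snapshot
/// was read, so it reported success in advance and logged the stale (null)
/// content. It is now written after the read.
/// </remarks>
/// <param name="tenant">Tenant the configuration belongs to.</param>
/// <param name="dataId">Configuration data id.</param>
/// <param name="group">Configuration group; passed through <c>ParamUtils.Null2DefaultGroup</c> first.</param>
/// <param name="timeoutMs">Timeout handed to the server read, in milliseconds.</param>
/// <returns>The content after the response filter chain has processed it.</returns>
/// <exception cref="NacosException">Rethrown when the server read fails with <c>NacosException.NO_RIGHT</c>.</exception>
private async Task<string> GetConfigInner(string tenant, string dataId, string group, long timeoutMs)
{
    group = ParamUtils.Null2DefaultGroup(group);
    ParamUtils.CheckKeyParam(dataId, group);

    ConfigResponse cr = new ConfigResponse();
    cr.SetDataId(dataId);
    cr.SetTenant(tenant);
    cr.SetGroup(group);

    string encryptedDataKey = string.Empty;

    // Prefer the local failover configuration.
    string content = await FileLocalConfigInfoProcessor.GetFailoverAsync(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);
    if (content != null)
    {
        // NOTE(review): truncated configuration content goes to the log here and
        // in the snapshot path below; confirm that is acceptable if configs can
        // hold secrets.
        _logger?.LogWarning(
            "[{0}] [get-config] get failover ok, dataId={1}, group={2}, tenant={3}, config={4}",
            _worker.GetAgentName(), dataId, group, tenant, ContentUtils.TruncateContent(content));
        cr.SetContent(content);

        // NOTE(review): the failover data key is read but its value is discarded
        // and an empty key is handed to the filter chain. If a filter relies on
        // the key to decrypt the content, failover content would be processed
        // without it - confirm whether this is intentional. Behaviour kept as-is.
        await FileLocalConfigInfoProcessor.GetEncryptDataKeyFailover(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);
        encryptedDataKey = string.Empty;
        cr.SetEncryptedDataKey(encryptedDataKey);

        _configFilterChainManager.DoFilter(null, cr);
        content = cr.GetContent();
        return content;
    }

    try
    {
        ConfigResponse response = await _worker.GetServerConfig(dataId, group, tenant, timeoutMs, false).ConfigureAwait(false);
        cr.SetContent(response.GetContent());
        cr.SetEncryptedDataKey(response.GetEncryptedDataKey());

        _configFilterChainManager.DoFilter(null, cr);
        content = cr.GetContent();
        return content;
    }
    catch (NacosException ioe)
    {
        // An authorization failure must reach the caller; it must not be masked
        // by silently serving a locally cached copy.
        if (NacosException.NO_RIGHT == ioe.ErrorCode)
        {
            throw;
        }

        _logger?.LogWarning(
            "[{0}] [get-config] get from server error, dataId={1}, group={2}, tenant={3}, msg={4}",
            _worker.GetAgentName(), dataId, group, tenant, ioe.ErrorMsg);
    }

    // Server read failed for another reason: fall back to the local snapshot.
    content = await FileLocalConfigInfoProcessor.GetSnapshotAync(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);

    _logger?.LogWarning(
        "[{0}] [get-config] get snapshot ok, dataId={1}, group={2}, tenant={3}, config={4}",
        _worker.GetAgentName(), dataId, group, tenant, ContentUtils.TruncateContent(content));

    cr.SetContent(content);

    // NOTE(review): the snapshot content is paired with the *failover* data key;
    // confirm this is the intended key source for snapshot content.
    encryptedDataKey = await FileLocalConfigInfoProcessor.GetEncryptDataKeyFailover(_worker.GetAgentName(), dataId, group, tenant).ConfigureAwait(false);
    cr.SetEncryptedDataKey(encryptedDataKey);

    _configFilterChainManager.DoFilter(null, cr);
    content = cr.GetContent();
    return content;
}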
/// <summary>
/// Validates the configuration key and asks the worker to remove that entry.
/// </summary>
/// <param name="tenant">Tenant the configuration belongs to.</param>
/// <param name="dataId">Configuration data id.</param>
/// <param name="group">Configuration group; passed through <c>ParamUtils.Null2DefaultGroup</c> first.</param>
/// <param name="tag">Tag forwarded to the worker.</param>
/// <returns>The result reported by <c>_worker.RemoveConfig</c>.</returns>
private async Task<bool> RemoveConfigInner(string tenant, string dataId, string group, string tag)
{
    var effectiveGroup = ParamUtils.Null2DefaultGroup(group);

    // Key validation runs on the defaulted group, before anything is sent.
    ParamUtils.CheckKeyParam(dataId, effectiveGroup);

    bool removed = await _worker.RemoveConfig(dataId, effectiveGroup, tenant, tag).ConfigureAwait(false);
    return removed;
}
/// <summary>
/// Passes the <c>comment</c> request parameter through
/// <c>VulnerableComponent.process</c> and prints the result.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    var rawComment = ParamUtils.GetParam(Request, "comment");

    // NOTE(review): the processed value is printed without any output encoding.
    // Whether that is safe depends entirely on what VulnerableComponent.process
    // guarantees about its return value and on how PrintOut places text into the
    // page - neither is visible here. Confirm the component's version and its
    // sanitisation guarantees, and encode at output if it does not return
    // markup by design.
    var processed = vulnerable_asp_net_core.Utils.VulnerableComponent.process(rawComment);

    ParamUtils.PrintOut(VulnerableComponentResults, "your comment is '" + processed + "'");
}
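/// <summary>
/// Echoes the <c>comment</c> request parameter back to the page.
/// </summary>
/// <remarks>
/// The parameter is untrusted and used to be written into the output verbatim,
/// which allows reflected cross-site scripting. It is now HTML-encoded before
/// it is printed.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    var comment = ParamUtils.GetParam(Request, "comment");

    // NOTE(review): HTML encoding is correct when PrintOut places the text in an
    // HTML body or quoted-attribute context. If PrintOut emits into a script
    // block instead, use an encoder for that context - confirm against PrintOut.
    var safeComment = System.Net.WebUtility.HtmlEncode(comment);

    ParamUtils.PrintOut(XSSInput, $"your comment is '{safeComment}'");
}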