public IActionResult BrokenAuthentication() { var login = RequestUtils.GetIfDefined(Request, "name"); var pw = RequestUtils.GetIfDefined(Request, "pw"); if (Users.ContainsKey(login) && Users[login] == pw) { Show("Successfully logged in as " + _javaScriptEncoder.Encode(login)); } else { Show("Please login by providing a valid username and password"); } return(View()); }
public IActionResult XXE() { string xml = RequestUtils.GetIfDefined(Request, "xml"); if (xml.Length <= 0) { @ViewData["result"] = "upload your request"; } else { var resolver = new XmlUrlResolver(); resolver.Credentials = CredentialCache.DefaultCredentials; var xmlDoc = new XmlDocument(); xmlDoc.XmlResolver = resolver; try { xmlDoc.LoadXml(xml); } catch (Exception) { } Show("Results of your request: " + string.Empty); foreach (XmlNode xn in xmlDoc) { if (xn.Name == "user") { Show("Results of your request: " + _javaScriptEncoder.Encode(xn.InnerText)); } } } return(View()); }