Exemplo n.º 1
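        /// <summary>
        /// Searches the directory for person entries whose surname equals a fixed value and prints
        /// the "sn" of every hit whose first "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            // The searched value is a literal that contains no LDAP filter metacharacters, so the
            // concatenation below cannot change the filter's structure. Any value that originates
            // outside the program would have to be escaped before being placed in the filter.
            string tainted_2 = "hardcoded";
            string tainted_3 = tainted_2;

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }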
Exemplo n.º 2
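        /// <summary>
        /// Takes a surname from the second command-line argument, escapes it for use as an LDAP
        /// filter value, and prints the "sn" of every matching person entry whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; <c>args[1]</c> is the surname to search for.</param>
        public static void Main(string[] args)
        {
            if (args == null || args.Length < 2)
            {
                Console.Error.WriteLine("Usage: pass the surname to search for as the second command-line argument.");
                return;
            }

            string tainted_2 = args[1];

            // Kept from the original: strips characters that are invalid in file names and paths, plus ';'.
            // This is not an LDAP defence. The set is platform dependent and never contains '(' or ')',
            // so the value is still escaped for the filter context below.
            string regexSearch = new string(Path.GetInvalidFileNameChars()) + new string(Path.GetInvalidPathChars()) + ";";
            Regex  r           = new Regex(string.Format("[{0}]", Regex.Escape(regexSearch)));
            string stripped    = r.Replace(tainted_2, "");

            // Escape the characters that have a meaning inside an LDAP search filter (RFC 4515) so the
            // value can only ever be compared against "sn" and cannot add or close filter clauses.
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(stripped.Length);
            foreach (char current in stripped)
            {
                switch (current)
                {
                case '\\':
                    escaped.Append(@"\5c");
                    break;

                case '*':
                    escaped.Append(@"\2a");
                    break;

                case '(':
                    escaped.Append(@"\28");
                    break;

                case ')':
                    escaped.Append(@"\29");
                    break;

                case '\u0000':
                    escaped.Append(@"\00");
                    break;

                default:
                    escaped.Append(current);
                    break;
                }
            }
            string tainted_3 = escaped.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }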
Exemplo n.º 3
    /// <summary>
    /// Calls createSearchData with the given arguments, then instantiates one copy of rSearch per
    /// entry in searchName, parents it to rSearchLayer and stacks the copies downwards.
    /// </summary>
    /// <param name="data">Passed through to createSearchData.</param>
    /// <param name="ProductType">Passed through to createSearchData.</param>
    /// <param name="index">Passed through to createSearchData.</param>
    public void setContentData(CheckDownloader data, string ProductType, int index)
    {
        // Vertical distance between two consecutive rows, in local units.
        const float rowSpacing = 0.81f;

        createSearchData(data, ProductType, index);
        rSearchLayer.transform.localPosition = new Vector3(-1f, 3.65f, 0);

        int row = 0;
        while (row < searchName.Count)
        {
            GameObject rowObject = (GameObject)GameObject.Instantiate(rSearch);
            rowObject.SetActive(true);
            rowObject.transform.parent        = rSearchLayer.transform;
            rowObject.transform.localPosition = new Vector3(1f, 0f - row * rowSpacing, 0);

            // NOTE(review): searchData is indexed with the searchName counter; this assumes both
            // lists have the same length - confirm against createSearchData.
            ResultSearch rowView = rowObject.GetComponent <ResultSearch>();
            rowView.setSearchContent(searchName[row], searchData[row]);
            searchList.Add(rowObject);

            // Updated on every pass, so it ends up as the offset of the last row created.
            scrollSearchAreaHeight = row * rowSpacing;
            row++;
        }
    }
Exemplo n.º 4
        /// <summary>
        /// Queries Google and Bing for every term in <paramref name="args"/>, prints the totals per
        /// term, then prints one winning term per engine and the term with the largest combined total.
        /// </summary>
        /// <param name="args">The search terms to compare.</param>
        static async Task searchfight(string[] args)
        {
            var collected = new List <ResultSearch>();

            foreach (string term in args)
            {
                // The Google request is awaited to completion before the Bing request is started.
                ResultSearch fromGoogle = await new GoogleSearch().searchAsync(term);
                ResultSearch fromBing   = await new BingSearch().searchAsync(term);

                collected.Add(fromGoogle);
                collected.Add(fromBing);

                string line = string.Format("{0} : {1}:{2} {3}:{4}", term, fromGoogle.Engine, fromGoogle.Total, fromBing.Engine, fromBing.Total);
                Console.WriteLine(line);
            }

            // Sorting by Total first means the first element of each engine group is that engine's best term.
            var perEngineWinners = collected
                                   .OrderByDescending(r => r.Total)
                                   .GroupBy(r => r.Engine)
                                   .Select(g => new ResultSearch(g.Key, g.FirstOrDefault().Language, 1));

            // Sums both engines' totals per term and keeps the largest; null when nothing was collected.
            var overall = collected
                          .GroupBy(r => r.Language)
                          .Select(g => new { Language = g.Key, Total = g.Sum(r => r.Total) })
                          .OrderByDescending(t => t.Total)
                          .FirstOrDefault();

            foreach (var engineWinner in perEngineWinners)
            {
                Console.WriteLine("{0} winner: {1}", engineWinner.Engine, engineWinner.Language);
            }

            if (overall == null)
            {
                return;
            }

            Console.WriteLine("Total winner: {0}", overall.Language);
        }
Exemplo n.º 5
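        /// <summary>
        /// Sends <paramref name="language"/> as the search term to the endpoint in uriBase and returns
        /// the estimated number of matches reported in the response.
        /// </summary>
        /// <param name="language">The search term; it is percent-encoded before being appended to the URI.</param>
        /// <returns>A result with Engine "BING", the unmodified term and the reported total.</returns>
        public async Task <ResultSearch> searchAsync(string language)
        {
            ResultSearch result    = new ResultSearch();
            var          accessKey = ConfigurationManager.AppSettings["BingApiKey"];

            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", accessKey);

                // Percent-encode the term so characters such as '#', '&' and '+' stay part of the
                // value instead of truncating the query or adding parameters to the request.
                var requestUri = uriBase + System.Uri.EscapeDataString(language ?? string.Empty);

                using (var httpResponse = await client.GetAsync(requestUri))
                {
                    // NOTE(review): the status code is not checked; an error body without the expected
                    // fields surfaces as a NullReferenceException below - confirm the desired handling.
                    var json = await httpResponse.Content.ReadAsStringAsync();

                    var response = JsonConvert.DeserializeObject <BingResponse>(json);

                    result.Engine   = "BING";
                    result.Language = language;
                    result.Total    = response.WebPages.TotalEstimatedMatches;
                    return(result);
                }
            }
        }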
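        /// <summary>
        /// Takes a surname from the second command-line argument, passes it through Class_50323,
        /// escapes the result for use as an LDAP filter value, and prints the "sn" of every matching
        /// person entry whose first "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; <c>args[1]</c> is the surname to search for.</param>
        public static void Main(string[] args)
        {
            if (args == null || args.Length < 2)
            {
                Console.Error.WriteLine("Usage: pass the surname to search for as the second command-line argument.");
                return;
            }

            string tainted_0 = args[1];

            // Class_50323 is not visible here, so whatever it hands back is still treated as untrusted.
            Class_50323 var_50323 = new Class_50323(tainted_0);
            string      returned  = var_50323.get_var_50323() ?? "";

            // Escape the characters that have a meaning inside an LDAP search filter (RFC 4515) so the
            // value can only ever be compared against "sn" and cannot add or close filter clauses.
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(returned.Length);
            foreach (char current in returned)
            {
                switch (current)
                {
                case '\\':
                    escaped.Append(@"\5c");
                    break;

                case '*':
                    escaped.Append(@"\2a");
                    break;

                case '(':
                    escaped.Append(@"\28");
                    break;

                case ')':
                    escaped.Append(@"\29");
                    break;

                case '\u0000':
                    escaped.Append(@"\00");
                    break;

                default:
                    escaped.Append(current);
                    break;
                }
            }
            string tainted_5 = escaped.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_5 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }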
Exemplo n.º 7
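        /// <summary>
        /// Sends <paramref name="language"/> as the search term to the endpoint in uriBase, using the
        /// configured API key and search context, and returns the reported number of results.
        /// </summary>
        /// <param name="language">The search term; it is percent-encoded before being placed in the query string.</param>
        /// <returns>A result with Engine "GOOGLE", the unmodified term and the reported total.</returns>
        public async Task <ResultSearch> searchAsync(string language)
        {
            ResultSearch result  = new ResultSearch();
            string       apiKey  = ConfigurationManager.AppSettings["GoogleApiKey"];
            string       context = ConfigurationManager.AppSettings["GoogleApiContext"];

            // Every value is percent-encoded so that a term containing '&', '#' or '+' stays inside
            // the q parameter and cannot override cx or key or cut the query short.
            // NOTE(review): the API key is part of the request URI, so this string should be kept
            // out of logs and error messages.
            var queryString = string.Format(
                "{0}?cx={1}&key={2}&q={3}",
                uriBase,
                System.Uri.EscapeDataString(context ?? string.Empty),
                System.Uri.EscapeDataString(apiKey ?? string.Empty),
                System.Uri.EscapeDataString(language ?? string.Empty));

            using (var client = new HttpClient())
            using (var httpResponse = await client.GetAsync(queryString))
            {
                // NOTE(review): the status code is not checked; an error body without the expected
                // fields surfaces as a NullReferenceException below - confirm the desired handling.
                var content = await httpResponse.Content.ReadAsStringAsync();

                var response = JsonConvert.DeserializeObject <GoogleResponse>(content);

                result.Engine   = "GOOGLE";
                result.Language = language;
                result.Total    = response.SearchInformation.TotalResults;
                return(result);
            }
        }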
Exemplo n.º 8
        // GET: Search
        /// <summary>
        /// Looks up the signed-in user's account, collects the accounts whose Username starts with
        /// <paramref name="searchString"/> or whose Fullname contains it, and renders them in the view.
        /// </summary>
        /// <param name="searchString">The text to search for; used as received from the request.</param>
        /// <returns>The view, with a ResultSearch model holding the current account and the matches.</returns>
        public ActionResult Index(string searchString)
        {
            //searchString = searchString.Trim();

            acc = db.Account.FirstOrDefault(s => s.Username == User.Identity.Name);

            // NOTE(review): searchString is not validated. An empty string satisfies both StartsWith
            // and Contains, which would return every account - confirm that is intended.
            List <Account> byUsername = db.Account.Where(a => a.Username.StartsWith(searchString)).ToList();
            List <Account> byFullname = db.Account.Where(a => a.Fullname.Contains(searchString)).ToList();

            // Both lists are already materialised, so the union is computed in memory.
            List <Account> resultAccounts = byUsername.Union(byFullname).ToList();

            ViewBag.CurrentUser = acc;
            ViewBag.Contacts    = GetAllContact();
            ViewBag.countResult = resultAccounts.Count;

            // NOTE(review): whole Account objects are handed to the view; verify that no sensitive
            // account fields are rendered.
            ResultSearch result = new ResultSearch();
            result.account        = acc;
            result.resultAccounts = resultAccounts;

            return(View(result));
        }
Exemplo n.º 9
        /// <summary>
        /// Runs the posted query against four search engines, one after the other, and returns all
        /// four results in a single ResultSearch payload.
        /// </summary>
        /// <param name="searchQueryText">The query text read from the request body and forwarded unchanged.</param>
        /// <returns>An OK result carrying the collected engine results.</returns>
        public async Task <IActionResult> ResultSearch([FromBody] string searchQueryText)
        {
            var resultSearch = new ResultSearch();
            resultSearch.SearchEngineResults = new List <SearchEngineResult>();

            // Each search is awaited before the next one starts, so the results are added in a
            // fixed order: Google, Bing, Ecosia, GoGoDuck.
            // NOTE(review): searchQueryText is forwarded as received; any encoding or length limit
            // would have to happen inside searchService, which is not visible here.
            resultSearch.SearchEngineResults.Add(await searchService.SearchOnGoogle(searchQueryText));
            resultSearch.SearchEngineResults.Add(await searchService.SearchOnBing(searchQueryText));
            resultSearch.SearchEngineResults.Add(await searchService.SearchOnEcosia(searchQueryText));
            resultSearch.SearchEngineResults.Add(await searchService.SearchOnGoGoDuck(searchQueryText));

            return(Ok(resultSearch));
        }
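        /// <summary>
        /// Reads a surname from standard input, escapes it for use as an LDAP filter value, and
        /// prints the "sn" of every matching person entry whose first "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            // ReadLine returns null at end of input; treat that as an empty search value.
            string tainted_2 = Console.ReadLine() ?? "";

            // The escaping used to sit behind a condition that is never true (4 + 2 >= 42), so the
            // raw input reached the filter. It now runs on every execution.
            StringBuilder escape = new StringBuilder(tainted_2.Length);
            foreach (char current in tainted_2)
            {
                switch (current)
                {
                case '\\':
                    escape.Append(@"\5c");
                    break;

                case '*':
                    escape.Append(@"\2a");
                    break;

                case '(':
                    escape.Append(@"\28");
                    break;

                case ')':
                    escape.Append(@"\29");
                    break;

                case '\u0000':
                    escape.Append(@"\00");
                    break;

                case '/':
                    escape.Append(@"\2f");
                    break;

                default:
                    escape.Append(current);
                    break;
                }
            }
            string tainted_3 = escape.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }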
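        /// <summary>
        /// Reads a surname from the output of <c>cat /tmp/tainted.txt</c>, escapes it for use as an
        /// LDAP filter value, and prints the "sn" of every matching person entry whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            string tainted_2 = null;
            string tainted_3 = null;

            Process process = new Process();

            process.StartInfo.FileName               = "/bin/bash";
            process.StartInfo.Arguments              = "-c 'cat /tmp/tainted.txt'";
            process.StartInfo.UseShellExecute        = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.Start();

            using (StreamReader reader = process.StandardOutput) {
                tainted_2 = reader.ReadToEnd();
                process.WaitForExit();
                process.Close();
            }

            // The file's content is outside this program's control. Escape the characters that have
            // a meaning inside an LDAP search filter (RFC 4515) so the value can only ever be
            // compared against "sn" and cannot add or close filter clauses.
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(tainted_2.Length);
            foreach (char current in tainted_2)
            {
                switch (current)
                {
                case '\\':
                    escaped.Append(@"\5c");
                    break;

                case '*':
                    escaped.Append(@"\2a");
                    break;

                case '(':
                    escaped.Append(@"\28");
                    break;

                case ')':
                    escaped.Append(@"\29");
                    break;

                case '\u0000':
                    escaped.Append(@"\00");
                    break;

                default:
                    escaped.Append(current);
                    break;
                }
            }
            tainted_3 = escaped.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }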
Exemplo n.º 12
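        /// <summary>
        /// Reads a surname from the output of <c>cat /tmp/tainted.txt</c>, escapes it for use as an
        /// LDAP filter value, and prints the "sn" of every matching person entry whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            string tainted_2 = null;
            string tainted_3 = null;

            Process process = new Process();

            process.StartInfo.FileName               = "/bin/bash";
            process.StartInfo.Arguments              = "-c 'cat /tmp/tainted.txt'";
            process.StartInfo.UseShellExecute        = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.Start();

            using (StreamReader reader = process.StandardOutput) {
                tainted_2 = reader.ReadToEnd();
                process.WaitForExit();
                process.Close();
            }

            // The escaping used to sit behind a condition that is never true (Math.Sqrt(42) >= 42),
            // so the raw file content reached the filter. It now runs on every execution.
            StringBuilder escape = new StringBuilder(tainted_2.Length);
            foreach (char current in tainted_2)
            {
                switch (current)
                {
                case '\\':
                    escape.Append(@"\5c");
                    break;

                case '*':
                    escape.Append(@"\2a");
                    break;

                case '(':
                    escape.Append(@"\28");
                    break;

                case ')':
                    escape.Append(@"\29");
                    break;

                case '\u0000':
                    escape.Append(@"\00");
                    break;

                case '/':
                    escape.Append(@"\2f");
                    break;

                default:
                    escape.Append(current);
                    break;
                }
            }
            tainted_3 = escape.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }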
Exemplo n.º 13
 // Initialization step: stores this instance in pGlobal so other code can reach it.
 // NOTE(review): presumably this is a Unity component whose Start() the engine calls once, and
 // pGlobal is a shared singleton-style reference; neither the class nor the field is visible
 // here - confirm. If several instances exist, the last one to start overwrites pGlobal.
 void Start()
 {
     pGlobal = this;
 }
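        /// <summary>
        /// Reads a surname from the output of <c>cat /tmp/tainted.txt</c>, escapes it for use as an
        /// LDAP filter value, and prints the "sn" of every matching person entry whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            string tainted_2 = null;
            string tainted_3 = null;

            Process process = new Process();

            process.StartInfo.FileName               = "/bin/bash";
            process.StartInfo.Arguments              = "-c 'cat /tmp/tainted.txt'";
            process.StartInfo.UseShellExecute        = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.Start();

            using (StreamReader reader = process.StandardOutput) {
                tainted_2 = reader.ReadToEnd();
                process.WaitForExit();
                process.Close();
            }

            // Encoding has to match the place the value ends up in. The XML entity replacement that
            // stood here left '(', ')', '*' and '\' untouched and only altered legitimate values
            // (an apostrophe became "&apos;"). The value goes into an LDAP search filter, so the
            // characters with a meaning in that syntax (RFC 4515) are escaped instead.
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(tainted_2.Length);
            foreach (char current in tainted_2)
            {
                switch (current)
                {
                case '\\':
                    escaped.Append(@"\5c");
                    break;

                case '*':
                    escaped.Append(@"\2a");
                    break;

                case '(':
                    escaped.Append(@"\28");
                    break;

                case ')':
                    escaped.Append(@"\29");
                    break;

                case '\u0000':
                    escaped.Append(@"\00");
                    break;

                default:
                    escaped.Append(current);
                    break;
                }
            }
            tainted_3 = escaped.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }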
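        /// <summary>
        /// Reads a surname from the output of <c>cat /tmp/tainted.txt</c>, escapes it for use as an
        /// LDAP filter value, and prints the "sn" of every matching person entry whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            string tainted_2 = null;
            string tainted_3 = null;

            Process process = new Process();

            process.StartInfo.FileName               = "/bin/bash";
            process.StartInfo.Arguments              = "-c 'cat /tmp/tainted.txt'";
            process.StartInfo.UseShellExecute        = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.Start();

            using (StreamReader reader = process.StandardOutput) {
                tainted_2 = reader.ReadToEnd();
                process.WaitForExit();
                process.Close();
            }

            // The earlier switch on the constant 6 always took the empty "case 6" arm, so its
            // file-name character filter never ran and the raw content reached the filter. That
            // filter would not have covered '(' or ')' in any case. The value is now escaped for the
            // LDAP filter syntax (RFC 4515) on every execution.
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(tainted_2.Length);
            foreach (char current in tainted_2)
            {
                switch (current)
                {
                case '\\':
                    escaped.Append(@"\5c");
                    break;

                case '*':
                    escaped.Append(@"\2a");
                    break;

                case '(':
                    escaped.Append(@"\28");
                    break;

                case ')':
                    escaped.Append(@"\29");
                    break;

                case '\u0000':
                    escaped.Append(@"\00");
                    break;

                default:
                    escaped.Append(current);
                    break;
                }
            }
            tainted_3 = escaped.ToString();

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }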
Exemplo n.º 16
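        /// <summary>
        /// Reads a value from the output of <c>cat /tmp/tainted.txt</c>, accepts it only if it consists
        /// of ASCII digits, and prints the "sn" of every person entry matching that value whose
        /// first "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void Main(string[] args)
        {
            string tainted_2 = null;
            string tainted_3 = null;
            string tainted_1 = null;

            Process process = new Process();

            process.StartInfo.FileName               = "/bin/bash";
            process.StartInfo.Arguments              = "-c 'cat /tmp/tainted.txt'";
            process.StartInfo.UseShellExecute        = false;
            process.StartInfo.RedirectStandardOutput = true;
            process.Start();

            using (StreamReader reader = process.StandardOutput) {
                tainted_1 = reader.ReadToEnd();
                process.WaitForExit();
                process.Close();
            }

            // Drop the line terminator a text file usually ends with, so that it does not end up in
            // the filter and does not cause an otherwise valid value to be rejected.
            tainted_2 = tainted_1.TrimEnd('\r', '\n');

            // The previous pattern was written as "/^[0-9]*$/". .NET has no pattern delimiters, so
            // the slashes were matched literally and the pattern could never succeed: every input
            // was replaced by an empty string. The allow-list below is anchored with \A and \z so
            // the whole value must be digits. Digits have no meaning in LDAP filter syntax, which
            // makes this check sufficient on its own.
            Regex digitsOnly = new Regex(@"\A[0-9]*\z");
            if (digitsOnly.IsMatch(tainted_2))
            {
                tainted_3 = tainted_2;
            }
            else
            {
                tainted_3 = "";
            }

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }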
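        /// <summary>
        /// Takes a value from the second command-line argument, accepts it only if it consists of
        /// ASCII digits, and prints the "sn" of every person entry matching that value whose first
        /// "userclass" value is "noname".
        /// </summary>
        /// <param name="args">Command-line arguments; <c>args[1]</c> is the value to search for.</param>
        public static void Main(string[] args)
        {
            if (args == null || args.Length < 2)
            {
                Console.Error.WriteLine("Usage: pass the value to search for as the second command-line argument.");
                return;
            }

            string tainted_1 = args[1];
            string tainted_2 = tainted_1;
            string tainted_3 = null;

            // The previous pattern was written as "/^[0-9]*$/". .NET has no pattern delimiters, so
            // the slashes were matched literally and the pattern could never succeed: every input
            // was replaced by an empty string. The allow-list below is anchored with \A and \z so
            // the whole value must be digits. Digits have no meaning in LDAP filter syntax, which
            // makes this check sufficient on its own.
            Regex digitsOnly = new Regex(@"\A[0-9]*\z");
            if (digitsOnly.IsMatch(tainted_2))
            {
                tainted_3 = tainted_2;
            }
            else
            {
                tainted_3 = "";
            }

            string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";

            string strConnect = "LDAP://my.site.com/o=site,c=com";

            using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect))
            {
                // NOTE(review): AuthenticationTypes.None requests none of the protective binding flags
                // (Secure, Signing, Sealing); confirm an unprotected bind is acceptable here.
                CN_Main.AuthenticationType = AuthenticationTypes.None;

                string strResult = "";

                // The searcher and its result collection are disposed deterministically; the result
                // collection does not release all of its resources when merely garbage collected.
                using (System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query))
                using (var matches = DirSearcher.FindAll())
                {
                    foreach (System.DirectoryServices.SearchResult ResultSearch in matches)
                    {
                        if (ResultSearch == null)
                        {
                            continue;
                        }

                        using (System.DirectoryServices.DirectoryEntry CN_Result = ResultSearch.GetDirectoryEntry())
                        {
                            // An entry without a "userclass" value is skipped rather than indexed blindly.
                            var userClass = CN_Result.Properties["userclass"];
                            if (userClass.Count > 0 && (userClass[0] as string) == "noname")
                            {
                                strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
                            }
                        }
                    }
                }

                Console.WriteLine(strResult);
            }
        }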