public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
tainted_2 = args[1];
tainted_3 = tainted_2;
if ((4 + 2 >= 42))
{
StringBuilder escape = new StringBuilder();
for (int i = 0; i < tainted_2.Length; ++i)
{
char current = tainted_2[i];
switch (current)
{
case '\\':
escape.Append(@"\5c");
break;
case '*':
escape.Append(@"\2a");
break;
case '(':
escape.Append(@"\28");
break;
case ')':
escape.Append(@"\29");
break;
case '\u0000':
escape.Append(@"\00");
break;
case '/':
escape.Append(@"\2f");
break;
default:
escape.Append(current);
break;
}
}
tainted_3 = escape.ToString();
}
else
{
{}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
Process process = new Process();
process.StartInfo.FileName = "/bin/bash";
process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.Start();
using (StreamReader reader = process.StandardOutput) {
tainted_2 = reader.ReadToEnd();
process.WaitForExit();
process.Close();
}
tainted_3 = tainted_2;
if ((1 == 1))
{
{}
}
else if (!(1 == 1))
{
StringBuilder text = new StringBuilder(tainted_2);
text.Replace("&", "&");
text.Replace("'", "'");
text.Replace(@"""", """);
text.Replace("<", "<");
text.Replace(">", ">");
tainted_3 = text.ToString();
}
else
{
{}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
Process process = new Process();
process.StartInfo.FileName = "/bin/bash";
process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.Start();
using (StreamReader reader = process.StandardOutput) {
tainted_2 = reader.ReadToEnd();
process.WaitForExit();
process.Close();
}
tainted_3 = tainted_2;
if ((4 + 2 >= 42))
{
StringBuilder escape = new StringBuilder();
for (int i = 0; i < tainted_2.Length; ++i)
{
char current = tainted_2[i];
switch (current)
{
case '\\':
escape.Append(@"\5c");
break;
case '*':
escape.Append(@"\2a");
break;
case '(':
escape.Append(@"\28");
break;
case ')':
escape.Append(@"\29");
break;
case '\u0000':
escape.Append(@"\00");
break;
case '/':
escape.Append(@"\2f");
break;
default:
escape.Append(current);
break;
}
}
tainted_3 = escape.ToString();
}
else if (!(4 + 2 >= 42))
{
{}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
Process process = new Process();
process.StartInfo.FileName = "/bin/bash";
process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.Start();
using (StreamReader reader = process.StandardOutput) {
tainted_2 = reader.ReadToEnd();
process.WaitForExit();
process.Close();
}
tainted_3 = tainted_2;
if ((4 + 2 >= 42))
{
{}
}
else if (!(4 + 2 >= 42))
{
string pattern = @"/^[0-9]*$/";
Regex r = new Regex(pattern);
Match m = r.Match(tainted_2);
if (!m.Success)
{
tainted_3 = "";
}
else
{
tainted_3 = tainted_2;
}
}
else
{
{}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
Process process = new Process();
process.StartInfo.FileName = "/bin/bash";
process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.Start();
using (StreamReader reader = process.StandardOutput) {
tainted_2 = reader.ReadToEnd();
process.WaitForExit();
process.Close();
}
tainted_3 = tainted_2;
if ((Math.Sqrt(42) <= 42))
{
{}
}
else if (!(Math.Sqrt(42) <= 42))
{
{}
}
else
{
string regexSearch = new string(Path.GetInvalidFileNameChars()) + new string(Path.GetInvalidPathChars()) + ";";
Regex r = new Regex(string.Format("[{0}]", Regex.Escape(regexSearch)));
tainted_3 = r.Replace(tainted_2, "");
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
string tainted_1 = null;
Process process = new Process();
process.StartInfo.FileName = "/bin/bash";
process.StartInfo.Arguments = "-c 'cat /tmp/tainted.txt'";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.Start();
using (StreamReader reader = process.StandardOutput) {
tainted_1 = reader.ReadToEnd();
process.WaitForExit();
process.Close();
}
tainted_3 = tainted_1;
string[] arr_1 = new string[4]; // declaring array
//Storing value in array element
arr_1[0] = null;
arr_1[1] = null;
arr_1[2] = null;
arr_1[3] = tainted_1;
foreach (string val_1 in arr_1)
{
if (val_1 != null)
{
tainted_2 = val_1;
//No filtering (sanitization)
tainted_3 = tainted_2;
}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
public static void Main(string[] args)
{
string tainted_2 = null;
string tainted_3 = null;
string tainted_1 = null;
tainted_1 = args[1];
tainted_3 = tainted_1;
string[] arr_1 = new string[4]; // declaring array
//Storing value in array element
arr_1[0] = null;
arr_1[1] = null;
arr_1[2] = null;
arr_1[3] = tainted_1;
foreach (string val_1 in arr_1)
{
if (val_1 != null)
{
tainted_2 = val_1;
string pattern = @"/^[0-9]*$/";
Regex r = new Regex(pattern);
Match m = r.Match(tainted_2);
if (!m.Success)
{
tainted_3 = "";
}
else
{
tainted_3 = tainted_2;
}
}
}
//flaw
string query = "(&(objectClass=person)(sn=" + tainted_3 + "))";
string strConnect = "LDAP://my.site.com/o=site,c=com";
using (System.DirectoryServices.DirectoryEntry CN_Main = new System.DirectoryServices.DirectoryEntry(strConnect)){
string strResult = "";
System.DirectoryServices.DirectorySearcher DirSearcher = new System.DirectoryServices.DirectorySearcher(CN_Main, query);
System.DirectoryServices.DirectoryEntry CN_Result;
CN_Main.AuthenticationType = AuthenticationTypes.None;
foreach (System.DirectoryServices.SearchResult ResultSearch in DirSearcher.FindAll())
{
if (ResultSearch != null)
{
CN_Result = ResultSearch.GetDirectoryEntry();
if ((string)CN_Result.Properties["userclass"][0] == "noname")
{
strResult = strResult + "Name : " + CN_Result.InvokeGet("sn");
}
}
}
Console.WriteLine(strResult);
}
}
