From bebb4f58e73b6289a6e1ea0676a5327fc47cf235 Mon Sep 17 00:00:00 2001
From: Colby Prior <90172408+octocolby@users.noreply.github.com>
Date: Tue, 13 Sep 2022 13:56:39 +1000
Subject: [PATCH 1/5] Update SQLIController.cs
---
 RandomQuotes/Controllers/SQLIController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/RandomQuotes/Controllers/SQLIController.cs b/RandomQuotes/Controllers/SQLIController.cs
index 343655e..b47f97f 100644
--- a/RandomQuotes/Controllers/SQLIController.cs
+++ b/RandomQuotes/Controllers/SQLIController.cs
@@ -19,7 +19,7 @@ public IActionResult Get(string name)
 conn.Open();
 SQLiteCommand cmd = new SQLiteCommand(conn);
- cmd.CommandText = "select * from Employee where FirstName == '" + name + "';";
+ cmd.CommandText = "select * from Employee where LastName == '" + name + "';";
 SQLiteDataReader reader = cmd.ExecuteReader();
@@ -40,4 +40,4 @@ public IActionResult Get(string name)
 return Ok(res);
 }
 }
-}
\ No newline at end of file
+}
From a2e03958748943f468fcf53d4977d5fcaeee7144 Mon Sep 17 00:00:00 2001
From: Colby Prior <90172408+octocolby@users.noreply.github.com>
Date: Wed, 14 Sep 2022 11:02:59 +1000
Subject: [PATCH 2/5] Update SQLIController.cs
---
 RandomQuotes/Controllers/SQLIController.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/RandomQuotes/Controllers/SQLIController.cs b/RandomQuotes/Controllers/SQLIController.cs
index b47f97f..3a4fe2e 100644
--- a/RandomQuotes/Controllers/SQLIController.cs
+++ b/RandomQuotes/Controllers/SQLIController.cs
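Review bot: The added `cmd.CommandText` line still builds the statement by concatenating the `name` query parameter into the SQL text, so switching the column from FirstName to LastName leaves the injection path that the file's own `// testing exploit` comment describes untouched. If this controller is ever meant to run outside a deliberate demo, bind the value instead: `cmd.CommandText = "select * from Employee where LastName == @name;"; cmd.Parameters.AddWithValue("@name", name);`. The same concatenation recurs in the `cmd2.CommandText` lines of patches 2 and 3 and in the `list.Add("FirstName == '" + name + "';")` line of patch 4, so one fix should cover all of them. Nothing in the visible lines disposes `conn` or the `SQLiteDataReader`, so each request appears to hold a SQLite handle until finalization; `using` declarations on both would release them when `Get` returns. The body of `Get` starts and ends outside the hunk.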
@@ -15,13 +15,13 @@ public class SQLIController : Controller
 [HttpGet("sqli")]
 public IActionResult Get(string name)
 {
- SQLiteConnection conn = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
+ SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
 conn.Open();
- SQLiteCommand cmd = new SQLiteCommand(conn);
- cmd.CommandText = "select * from Employee where LastName == '" + name + "';";
+ SQLiteCommand cmd2 = new SQLiteCommand(conn2);
+ cmd2.CommandText = "select * from Employee where LastName == '" + name + "';";
- SQLiteDataReader reader = cmd.ExecuteReader();
+ SQLiteDataReader reader = cmd2.ExecuteReader();
 List res = new List();
From d49a53bafed7223e3adbcef6d51b0d613d101dcb Mon Sep 17 00:00:00 2001
From: Colby Prior
Date: Wed, 14 Sep 2022 11:45:08 +1000
Subject: [PATCH 3/5] fix conn name
---
 RandomQuotes/Controllers/SQLIController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/RandomQuotes/Controllers/SQLIController.cs b/RandomQuotes/Controllers/SQLIController.cs
index 3a4fe2e..890e837 100644
--- a/RandomQuotes/Controllers/SQLIController.cs
+++ b/RandomQuotes/Controllers/SQLIController.cs
@@ -16,7 +16,7 @@ public class SQLIController : Controller
 public IActionResult Get(string name)
 {
 SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
- conn.Open();
+ conn2.Open();
 SQLiteCommand cmd2 = new SQLiteCommand(conn2);
 cmd2.CommandText = "select * from Employee where LastName == '" + name + "';";
From 190ef3c6def754d711d008dc16d95d0f423126c5 Mon Sep 17 00:00:00 2001
From: Colby Prior
Date: Tue, 20 Sep 2022 09:02:40 +1000
Subject: [PATCH 4/5] change sqli style
---
 RandomQuotes/Controllers/SQLIController.cs | 23 ++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/RandomQuotes/Controllers/SQLIController.cs b/RandomQuotes/Controllers/SQLIController.cs
index 890e837..edcee3a 100644
--- a/RandomQuotes/Controllers/SQLIController.cs
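Review bot: `conn.Open();` on the context line directly after the added `SQLiteConnection conn2 = ...` still names the variable this hunk removes, so the commit as it stands does not compile; patch 3 in this series changes it to `conn2.Open();`, which is what this hunk should have included. Suffixing `conn`/`cmd` with `2` without any behavioural change is churn in the one method reviewers watch for its SQL handling; if a rename is wanted, role-based names such as `employeeConn`/`employeeCmd` would read better than a numeric suffix. The body of `Get` continues outside the hunk.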
+++ b/RandomQuotes/Controllers/SQLIController.cs
@@ -3,7 +3,9 @@
 using System.IO;
 using System.Text;
 using Microsoft.AspNetCore.Mvc;
-using System.Data.SQLite;
+using System.Data.SQLite;
+using System.Linq;
+using Microsoft.AspNetCore.Http.Extensions;
 namespace RandomQuotes.Controllers
@@ -11,16 +13,29 @@ namespace RandomQuotes.Controllers
 public class SQLIController : Controller
 {
 // testing normal: /sqli?name=Andrew
- // testing exploit: /sqli?name=1%27%20or%20%271%27==%271
+ // testing exploit: /sqli?name=Octopus%27%20or%20%271%27==%271
 [HttpGet("sqli")]
 public IActionResult Get(string name)
 {
+ string clause = "";
+ List list = new List();
+ if (name.StartsWith("Octopus"))
+ {
+ list.Add("FirstName == '" + name + "';");
+ }
+ else
+ {
+ list.Add("FirstName == 'Andrew';");
+ }
+
 SQLiteConnection conn2 = new SQLiteConnection("Data Source=Chinook_Sqlite.sqlite");
 conn2.Open();
 SQLiteCommand cmd2 = new SQLiteCommand(conn2);
- cmd2.CommandText = "select * from Employee where LastName == '" + name + "';";
-
+ string whereClause = "where " + string.Join(" OR ", list);
+
+ cmd2.CommandText = "select * from Employee " + whereClause;
+ Console.WriteLine(cmd2.CommandText);
 SQLiteDataReader reader = cmd2.ExecuteReader();
From e8887ea56c7fbd91ffeaa03c3a3c0867ef800deb Mon Sep 17 00:00:00 2001
From: Colby Prior <90172408+octocolby@users.noreply.github.com>
Date: Tue, 6 Aug 2024 09:20:06 +1000
Subject: [PATCH 5/5] Update SQLIController.cs
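Review bot: The `-using System.Data.SQLite;` / `+using System.Data.SQLite;` pair in this hunk removes and re-adds a visibly identical line, which usually means a trailing-whitespace or line-ending change slipped in; normalising that separately would keep the substantive diff readable. Of the two new directives, `string.Join` in the next hunk is a `String` static and does not need `System.Linq`, and nothing in the visible code references `Microsoft.AspNetCore.Http.Extensions`, so both may be unused — worth confirming against the rest of the file.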
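Review bot: `name.StartsWith("Octopus")` on the added `if` line dereferences the query parameter before anything checks it, so a request to `/sqli` with no `name` now throws a NullReferenceException where the previous concatenation tolerated a null `name`; guard it and make the comparison culture-independent: `if (name != null && name.StartsWith("Octopus", StringComparison.Ordinal))`. `string clause = "";` is assigned and never read anywhere in the hunk and can be dropped. `Console.WriteLine(cmd2.CommandText)` prints the fully assembled statement, including whatever the caller supplied in `name`, to standard output; if the trace is wanted, route it through the application's logger at debug level so it can be filtered, and log the parameter value separately from the statement text. The body of `Get` continues outside the hunk.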