
webgoat.net's Introduction

	
    From the prompt, cd into the WebGoat.NET DB directory:

        % cd /WebGoat.NET/DB

    Start the mysql utility, giving the name (and password, if needed) of a user with permission to create databases. For example, to use the default root user:

        % mysql --user=root 

    Create the webgoat_coins database and load the schema. (Loading the schema the first time will give error messages as it attempts to empty any existing tables; just ignore these.)

        mysql> create database webgoat_coins;
        mysql> use webgoat_coins;
        mysql> source create_webgoatcoins.sql;

    Load the table contents:

        mysql> source load_webgoatcoins.sql; 

    Exit from mysql:

        mysql> quit; 

webgoat.net's People

Contributors

fervidnerd, jerryhoff, raybeorn

webgoat.net's Issues

CX SQL_Injection @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs in branch master

The application's GetProductDetails method executes an SQL query with da, at line 406 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Request, which is read by the LoadComments method at line 53 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 55 89 41


Code (Line #55):

            string id = Request["productNumber"];

Code (Line #89):

                string customerNumber = Request.Cookies["customerNumber"].Value;

Code (Line #41):

                string error_message = du.AddComment(hiddenFieldProductID.Value, txtEmail.Text, txtComment.Text);

CX Reflected_XSS_All_Clients @ WebGoat/App_Code/DB/SqliteDbProvider.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/App_Code/DB/SqliteDbProvider.cs in branch master

Method GetSecurityQuestionAndAnswer at line 282 of WebGoat\App_Code\DB\SqliteDbProvider.cs gets user input for the row element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method ButtonCheckEmail_Click at line 26 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 300 301


Code (Line #300):

                    qAndA[0] = row[0].ToString();

Code (Line #301):

                    qAndA[1] = row[1].ToString();

CX SQL_Injection @ WebGoat/WebGoatCoins/MainPage.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/MainPage.aspx.cs in branch master

The application's GetCustomerDetails method executes an SQL query with da, at line 215 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Value, which is read by the Page_Load method at line 22 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 27


Code (Line #27):

                string customerNumber = Request.Cookies["customerNumber"].Value;

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/Orders.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/Orders.aspx.cs in branch master

Method Page_Load at line 20 of WebGoat\WebGoatCoins\Orders.aspx.cs gets user input for the RawUrl element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 20 of WebGoat\WebGoatCoins\Orders.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 114 77 62


Code (Line #114):

                link.Text = e.Row.Cells[0].Text;

Code (Line #77):

                        HyperLink1.NavigateUrl = Request.RawUrl + "&image=images/products/" + image;

Code (Line #62):

                string orderNumber = Request["orderNumber"];

CX Reflected_XSS_All_Clients @ WebGoat/Content/UploadPathManipulation.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/UploadPathManipulation.aspx.cs in branch master

Method btnUpload_Click at line 18 of WebGoat\Content\UploadPathManipulation.aspx.cs gets user input for the FileName element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method btnUpload_Click at line 18 of WebGoat\Content\UploadPathManipulation.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 26


Code (Line #26):

                    labelUpload.Text = "<div class='success' style='text-align:center'>The file " + FileUpload1.FileName + " has been saved in to the WebGoatCoins/uploads directory</div>";

CX XPath_Injection @ WebGoat/Content/XPathInjection.aspx.cs [master]

XPath_Injection issue exists @ WebGoat/Content/XPathInjection.aspx.cs in branch master

The application's FindSalesPerson method constructs an XPath query, for navigating an XML document. The XPath query is created with SelectNodes, at line 24 of WebGoat\Content\XPathInjection.aspx.cs, using an untrusted string embedded in the expression.  
This may enable an attacker to modify the XPath expression, leading to an XPath Injection attack. 
 
The attacker may be able to inject the modified XPath expression via user input, QueryString_state, which is retrieved by the application in the Page_Load method, at line 16 of WebGoat\Content\XPathInjection.aspx.cs. This value then flows through the code to SelectNodes, as noted.

Severity: High

CWE:643

Vulnerability details and guidance

Checkmarx

Lines: 20


Code (Line #20):

                FindSalesPerson(Request.QueryString["state"]);

CX SQL_Injection @ WebGoat/Content/SQLInjection.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/SQLInjection.aspx.cs in branch master

The application's GetEmailByName method executes an SQL query with da, at line 515 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the btnFind_Click method at line 23 of WebGoat\Content\SQLInjection.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 25


Code (Line #25):

            string name = txtName.Text;

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/CustomerLogin.aspx [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/CustomerLogin.aspx in branch master

Method %> at line 1 of WebGoat\WebGoatCoins\CustomerLogin.aspx gets user input for the Request element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method %> at line 1 of WebGoat\WebGoatCoins\CustomerLogin.aspx. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 9


Code (Line #9):

        //var return_url = <%= Request["ReturnUrl"] == null ? "\"\"" : "\"" + Request["ReturnUrl"].ToString() + "\"" %>

CX Stored_XSS @ WebGoat/Content/ReadlineDoS.aspx.cs [master]

Stored_XSS issue exists @ WebGoat/Content/ReadlineDoS.aspx.cs in branch master

Method btnUpload_Click at line 14 of WebGoat\Content\ReadlineDoS.aspx.cs gets data from the database, for the ReadLine element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method btnUpload_Click at line 14 of WebGoat\Content\ReadlineDoS.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 23


Code (Line #23):

                    lblFileContent.Text += reader.ReadLine() + "<br />";

CX SQL_Injection @ WebGoat/Content/StoredXSS.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/StoredXSS.aspx.cs in branch master

The application's AddComment method executes an SQL query with command, at line 271 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the btnSave_Click method at line 26 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 30


Code (Line #30):

                string error_message = du.AddComment("user_cmt", txtEmail.Text, txtComment.Text);

CX Stored_XSS @ WebGoat/App_Code/DB/SqliteDbProvider.cs [master]

Stored_XSS issue exists @ WebGoat/App_Code/DB/SqliteDbProvider.cs in branch master

Method GetEmailByCustomerNumber at line 496 of WebGoat\App_Code\DB\SqliteDbProvider.cs gets data from the database, for the ExecuteScalar element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method btnFind_Click at line 23 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 506


Code (Line #506):

                    output = (string)cmd.ExecuteScalar();

CX Reflected_XSS_All_Clients @ WebGoat/Content/HeaderInjection.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/HeaderInjection.aspx.cs in branch master

Method Page_Load at line 13 of WebGoat\Content\HeaderInjection.aspx.cs gets user input for the Console element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 13 of WebGoat\Content\HeaderInjection.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 16


Code (Line #16):

            lblHeaders.Text = Request.Headers.Console.WriteLine().Replace("&", "<br />");;

CX Reflected_XSS_All_Clients @ WebGoat/Content/ReflectedXSS.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/ReflectedXSS.aspx.cs in branch master

Method Page_Load at line 17 of WebGoat\Content\ReflectedXSS.aspx.cs gets user input for the Request element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method LoadCity at line 23 of WebGoat\Content\ReflectedXSS.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 20


Code (Line #20):

                LoadCity(Request["city"]);

CX SQL_Injection @ WebGoat/WebGoatCoins/Autocomplete.ashx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/Autocomplete.ashx.cs in branch master

The application's GetCustomerEmails method executes an SQL query with da, at line 557 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Request, which is read by the ProcessRequest method at line 20 of WebGoat\WebGoatCoins\Autocomplete.ashx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 25


Code (Line #25):

            string query = context.Request["query"];

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/ProductDetails.aspx [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/ProductDetails.aspx in branch master

Method %> at line 1 of WebGoat\WebGoatCoins\ProductDetails.aspx gets user input for the Request element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method %> at line 1 of WebGoat\WebGoatCoins\ProductDetails.aspx. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 19


Code (Line #19):

    <h1 class="title-regular-4 clearfix">Details for <%=(Request["productNumber"] == null ? "This Month's Special" : "Product #" + Request["productNumber"].ToString()) %></h1>

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/MainPage.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/MainPage.aspx.cs in branch master

Method Page_Load at line 22 of WebGoat\WebGoatCoins\MainPage.aspx.cs gets user input for the row element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 22 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 32 42


Code (Line #32):

                Image1.ImageUrl = "images/logos/" + row["logoFileName"];

Code (Line #42):

                    cell2.Text = row[col].ToString();

CX Reflected_XSS_All_Clients @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs in branch master

Method btnFind_Click at line 23 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs gets user input for the Text element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method btnFind_Click at line 23 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 27


Code (Line #27):

                string name = txtID.Text.Substring(0, 3);

CX Reflected_XSS_All_Clients @ WebGoat/Content/EncryptVSEncode.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/EncryptVSEncode.aspx.cs in branch master

Method btnGO_Click at line 25 of WebGoat\Content\EncryptVSEncode.aspx.cs gets user input for the Text element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method MakeRow at line 51 of WebGoat\Content\EncryptVSEncode.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 32


Code (Line #32):

			string secret = txtString.Text;

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs in branch master

Method LoadComments at line 53 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs gets user input for the prodRow element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method LoadComments at line 53 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 64 65 68 76 77 63


Code (Line #64):

                output += "<strong>" + prodRow["productName"].ToString() + "</strong><br/>";

Code (Line #65):

                output += "<hr/>" + prodRow["productDescription"].ToString() + "<br/>";

Code (Line #68):

                hiddenFieldProductID.Value = prodRow["productCode"].ToString();

Code (Line #76):

                    comments += "<strong>Email:</strong>" + commentRow["email"] + "<span style='font-size: x-small;color: #E47911;'> (Email Address Verified!) </span><br/>";

Code (Line #77):

                    comments += "<strong>Comment:</strong><br/>" + commentRow["comment"] + "<br/><hr/>";

Code (Line #63):

                output += "<img src='./images/products/" + prodRow["productImage"] + "'/><br/>";

CX Reflected_XSS_All_Clients @ WebGoat/Content/StoredXSS.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/StoredXSS.aspx.cs in branch master

Method LoadComments at line 42 of WebGoat\Content\StoredXSS.aspx.cs gets user input for the row element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method LoadComments at line 42 of WebGoat\Content\StoredXSS.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 48 49


Code (Line #48):

                comments += "<strong>Email:</strong>" + row["email"] + "<span style='font-size: x-small;color: #E47911;'> (Email Address Verified!) </span><br/>";

Code (Line #49):

                comments += "<strong>Comment:</strong><br/>" + row["comment"] + "<br/><hr/>";

CX Reflected_XSS_All_Clients @ WebGoat/Content/PathManipulation.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/PathManipulation.aspx.cs in branch master

Method Page_Load at line 13 of WebGoat\Content\PathManipulation.aspx.cs gets user input for the QueryString_filename element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 13 of WebGoat\Content\PathManipulation.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 33


Code (Line #33):

        		string filename = Request.QueryString["filename"];

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/CustomerLogin.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/CustomerLogin.aspx.cs in branch master

Method ButtonLogOn_Click at line 31 of WebGoat\WebGoatCoins\CustomerLogin.aspx.cs gets user input for the Text element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method ButtonLogOn_Click at line 31 of WebGoat\WebGoatCoins\CustomerLogin.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 33


Code (Line #33):

            string email = txtUserName.Text;

CX Second_Order_SQL_Injection @ WebGoat/Code/DatabaseUtilities.cs [master]

Second_Order_SQL_Injection issue exists @ WebGoat/Code/DatabaseUtilities.cs in branch master

The application's DoNonQuery method executes an SQL query with cmd, at line 73 of WebGoat\Code\DatabaseUtilities.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ReadLine in RunSQLFromFile method at line 46 of WebGoat\Code\DatabaseUtilities.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 51


Code (Line #51):

					while ((line = sr.ReadLine ()) != null) {

CX SQL_Injection @ WebGoat/WebGoatCoins/CustomerLogin.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/CustomerLogin.aspx.cs in branch master

The application's IsValidCustomerLogin method executes an SQL query with da, at line 112 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the ButtonLogOn_Click method at line 31 of WebGoat\WebGoatCoins\CustomerLogin.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 33


Code (Line #33):

            string email = txtUserName.Text;

CX Reflected_XSS_All_Clients @ WebGoat/ProxySetup.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/ProxySetup.aspx.cs in branch master

Method btnReverse_Click at line 12 of WebGoat\ProxySetup.aspx.cs gets user input for the Text element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method btnReverse_Click at line 12 of WebGoat\ProxySetup.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 15


Code (Line #15):

            var name = txtName.Text;

CX Reflected_XSS_All_Clients @ WebGoat/App_Code/DB/MySqlDbProvider.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/App_Code/DB/MySqlDbProvider.cs in branch master

Method GetSecurityQuestionAndAnswer at line 319 of WebGoat\App_Code\DB\MySqlDbProvider.cs gets user input for the row element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method ButtonCheckEmail_Click at line 26 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 337 338


Code (Line #337):

                    qAndA[0] = row[0].ToString();

Code (Line #338):

                    qAndA[1] = row[1].ToString();

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/Catalog.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/Catalog.aspx.cs in branch master

Method Page_Load at line 17 of WebGoat\WebGoatCoins\Catalog.aspx.cs gets user input for the prodRow element. This element’s value then flows through the code without being properly sanitized or validated and is eventually displayed to the user in method Page_Load at line 17 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This may enable a Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 27 28 29


Code (Line #27):

                    lblOutput.Text += "<img src='./images/products/" + prodRow[3] + "'/><br/>\n";

Code (Line #28):

                    lblOutput.Text += "" + prodRow[1] + "<br/>\n";

Code (Line #29):

                    lblOutput.Text += "<a href=\"ProductDetails.aspx?productNumber=" + prodRow[0].ToString() + "\"><br/>\n";

CX Stored_XSS @ WebGoat/Content/PathManipulation.aspx.cs [master]

Stored_XSS issue exists @ WebGoat/Content/PathManipulation.aspx.cs in branch master

Method ResponseFile at line 49 of WebGoat\Content\PathManipulation.aspx.cs gets data from the database, for the ReadBytes element. This element’s value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in method ResponseFile at line 49 of WebGoat\Content\PathManipulation.aspx.cs. This may enable a Stored Cross-Site-Scripting attack.

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Lines: 88


Code (Line #88):

	                        _Response.BinaryWrite(br.ReadBytes(pack));

CX SQL_Injection @ WebGoat/Content/ForgotPassword.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/ForgotPassword.aspx.cs in branch master

The application's GetSecurityQuestionAndAnswer method executes an SQL query with da, at line 319 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the ButtonCheckEmail_Click method at line 25 of WebGoat\Content\ForgotPassword.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 66 27


Code (Line #66):

                    labelPassword.Text = "Security Question Challenge Successfully Completed! <br/>Your password is: " + getPassword(txtEmail.Text);

Code (Line #27):

            string[] result = du.GetSecurityQuestionAndAnswer(txtEmail.Text);

CX SQL_Injection @ WebGoat/WebGoatCoins/ForgotPassword.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/ForgotPassword.aspx.cs in branch master

The application's GetSecurityQuestionAndAnswer method executes an SQL query with da, at line 319 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the ButtonCheckEmail_Click method at line 26 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 67 28


Code (Line #67):

                    labelPassword.Text = "Security Question Challenge Successfully Completed! <br/>Your password is: " + getPassword(txtEmail.Text);

Code (Line #28):

            string[] result = du.GetSecurityQuestionAndAnswer(txtEmail.Text);

CX SQL_Injection @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs in branch master

The application's GetEmailByCustomerNumber method executes an SQL query with cmd, at line 496 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker would be able to inject arbitrary data into the SQL query, by simply altering the user input Text, which is read by the btnFind_Click method at line 23 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This input then flows through the code to the database server, without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 27


Code (Line #27):

                string name = txtID.Text.Substring(0, 3);
