using EonaCat.Sql;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using System.Text.Json;
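namespace Webtester.Pages
{
    /// <summary>
    /// Razor page that feeds a caller-supplied string into a parameterized query
    /// against the Customers table and records what the database helper reported
    /// (result, rows, exception) to the console and to <c>test.txt</c>.
    /// It is an injection test harness, not production code.
    /// </summary>
    public class IndexModel : PageModel
    {
        // SECURITY: a privileged login (sa) and its password are embedded in source and
        // therefore committed with the repository. They belong in configuration / user
        // secrets with a least-privilege account; the literal is kept in one place here
        // only so the harness keeps working unchanged.
        private const string ConnectionString =
            @"Server=localhost;Database=NorthWind;User Id=sa;Password=jeroen;TrustServerCertificate=Yes;";

        // Log file written next to the process working directory.
        private const string LogFile = "test.txt";

        private readonly ILogger<IndexModel> _logger;

        // Process-wide: the "Testing for injections:" banner is printed once.
        // Not synchronized; two concurrent first requests may both print it, which is harmless.
        private static bool s_bannerPrinted;

        /// <summary>Creates the page model.</summary>
        /// <param name="logger">Injected logger; currently not used by any handler.</param>
        public IndexModel(ILogger<IndexModel> logger)
        {
            _logger = logger;
        }

        /// <summary>
        /// GET handler: runs the probe when a <c>test</c> query value is present.
        /// </summary>
        /// <param name="test">Untrusted string bound from the query string; may be null.</param>
        public void OnGet(string test)
        {
            if (test is not null)
            {
                TestInjection(test);
            }
        }

        /// <summary>
        /// POST handler: prints the banner once per process, then runs the probe.
        /// </summary>
        /// <param name="test">Untrusted string bound from the form body; may be null.</param>
        [HttpPost]
        public void OnPost(string test)
        {
            if (!s_bannerPrinted)
            {
                try
                {
                    Console.Clear();
                }
                catch (System.IO.IOException)
                {
                    // Console.Clear throws when no console is attached (output redirected
                    // by the host); the banner is cosmetic, so carry on.
                }

                Console.WriteLine("Testing for injections:");
                s_bannerPrinted = true;
            }

            // Same guard as OnGet: a missing form value is not a test case.
            if (test is not null)
            {
                TestInjection(test);
            }
        }

        /// <summary>
        /// Runs the probe string as a bound parameter (<c>@0</c>) — never spliced into
        /// the SQL text — and records what the helper reported.
        /// </summary>
        /// <param name="text">Untrusted probe string.</param>
        private void TestInjection(string text)
        {
            var result = SqlHelper.ExecuteQuery(ConnectionString,
                "SELECT * FROM Customers WHERE Country = @0", true, text);

            if (!result.HasResult)
            {
                WriteLine(result.IsExecutedToDatabase
                    ? "[EXECUTED TO DATABASE] No valid result!"
                    : "No valid result!");
            }
            else if (result.IsExecutedToDatabase)
            {
                if (result.HasRows)
                {
                    // NOTE: this dumps every returned row (customer data) into test.txt.
                    WriteLine("VALID: " + JsonSerializer.Serialize(result.DataSet));
                }

                // The probe is attacker-controlled: collapse line breaks so it cannot
                // forge extra entries in the log file.
                WriteLine($"The SQL input was '{SingleLine(text)}'");
            }

            if (result.HasException)
            {
                WriteLine("Exception found: " + result.Exception);
            }
        }

        /// <summary>Escapes CR/LF in <paramref name="value"/> so a log entry stays on one line.</summary>
        private static string SingleLine(string value) =>
            value.Replace("\r", "\\r").Replace("\n", "\\n");

        /// <summary>
        /// Appends a timestamped line to <c>test.txt</c> and echoes it to the console.
        /// </summary>
        /// <remarks>
        /// Synchronous by design: the previous <c>async Task</c> version contained no
        /// await, so callers that dropped the task were never running anything
        /// asynchronously. The file write now ends with a newline; previously
        /// consecutive entries ran together on one line.
        /// </remarks>
        private static void WriteLine(string message)
        {
            var now = DateTime.Now; // read once so date and time come from the same instant
            var line = now.ToShortDateString() + ":" + now.ToShortTimeString() + ": " + message;
            System.IO.File.AppendAllText(LogFile, line + Environment.NewLine);
            Console.WriteLine(message);
        }

        /// <summary>
        /// Standalone sanity query with two bound parameters. Not called from any
        /// handler; kept as a reference for the helper's two-parameter form.
        /// </summary>
        /// <remarks>
        /// Was <c>async void</c> with no await: exceptions from an <c>async void</c>
        /// method cannot be observed by a caller, so it is now a plain method.
        /// </remarks>
        private static void TestSqlServer()
        {
            var customerId = "AROUT";
            var result = SqlHelper.ExecuteQuery(ConnectionString,
                "SELECT * FROM Customers WHERE CustomerID = @0 AND Country = @1",
                true, customerId, "UK");

            if (result.HasResult && result.HasRows)
            {
                Console.WriteLine($"Found '{result.TotalRows}' " + (result.TotalRows > 1 ? "rows" : "row"));
                Console.WriteLine(string.Empty);
                foreach (var record in result.DataSet)
                {
                    Console.WriteLine(record.CustomerID);
                    Console.WriteLine(record.ContactTitle);
                }

                return;
            }

            if (!result.HasResult)
            {
                Console.WriteLine("No valid result!");
            }

            if (!result.HasRows)
            {
                Console.WriteLine("No rows found");
            }

            if (result.HasException)
            {
                Console.WriteLine(result.Exception);
            }
        }
    }
}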