-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathxss.aspx.cs
More file actions
48 lines (39 loc) · 1.36 KB
/
Copy pathxss.aspx.cs
File metadata and controls
48 lines (39 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
using System;
using System.Data;
using System.Data.SqlClient;
namespace CxAudit_Demo
{
public partial class xss : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
try {
string qs = Request.QueryString[0];
string sanitized = myCustomSanitizer(qs);
message.Text = sanitized;
}
catch { }
}//end Page_Load
protected string myCustomSanitizer(string sVar) {
// ------------------------------------------------------------
// Some custom logic that sanitizes for Reflected XSS
// Not a real implementation. For demonstration purposes only.
// ------------------------------------------------------------
return Regex.Replace(sVar, @"(<|>)", "");
}
private void getName()
{
SqlConnection conn = new SqlConnection("Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=" + Constants.DB_PASSWORD + ";");
SqlCommand cmd = new SqlCommand();
SqlDataReader reader;
cmd.CommandText = "SELECT NAME FROM Users;";
cmd.CommandType = CommandType.Text;
cmd.Connection = conn;
conn.Open();
reader = cmd.ExecuteReader();
if (reader.HasRows)
message.Text = reader["NAME"].ToString();
conn.Close();
}
}
}