diff --git a/Controller/Controller.cs b/Controller/Controller.cs
index 67d0200..c16859f 100644
--- a/Controller/Controller.cs
+++ b/Controller/Controller.cs
@@ -178,7 +178,7 @@ Vérifie la validité du token JWT passé en paramètre bool Result = true; try {
- var JwtSecurityToken = TokenHandler.ReadJwtToken(Token);
+ var JwtSecurityToken = TokenHandler.ReadJwtToken(Token.Substring("Bearer ".Length)); if (JwtSecurityToken.Header.Alg == "HS256" && JwtSecurityToken.Header.Typ == "JWT") { TokenHandler.ValidateToken(Token, new TokenValidationParameters
@@ -282,12 +282,12 @@ Retourne le résultat de l'opération mathématique sur le chiffre donné en par return Result; }
- public static object VulnerableNoSQL(string UserStr)
+ public static object VulnerableNoSQL(string UserStr, string Token, string Secret) { /* Retourne le résultat de la requête NoSQL fournie en paramètre */
- if (UserStr.Length > 250) return Results.Unauthorized();
+ if (!VulnerableValidateToken(Token, Secret)) return Results.Unauthorized(); List Employees = Data.GetEmployees(); var Query = Employees.AsQueryable();
diff --git a/Program.cs b/Program.cs
index 57c2879..2ad62be 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,6 +1,4 @@ using System.Web;
-using Microsoft.AspNetCore.OpenApi;
-using Swashbuckle.AspNetCore; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Builder;
@@ -10,6 +8,7 @@ using Microsoft.AspNetCore.HttpOverrides; using VulnerableWebApplication.VLAModel; using VulnerableWebApplication.MidlWare;
+using Microsoft.AspNetCore.OpenApi; // Configuration :
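Review bot: The new `Substring("Bearer ".Length)` is applied only to the `ReadJwtToken` call, while the `TokenHandler.ValidateToken(Token, …)` context line two lines below still receives the raw header value with the `Bearer ` prefix, so the header inspection and the signature check operate on two different strings and, when the prefix really is present, the validation should fail to parse. `Substring` also throws when the value is shorter than seven characters or simply lacks the prefix, and nothing in the hunk shows whether that exception is mapped to a `false` result — the rest of the method, including its `catch`, is outside the hunk. Strip once into a local and use it for both calls: `var RawToken = Token.StartsWith("Bearer ", StringComparison.Ordinal) ? Token.Substring("Bearer ".Length) : Token;` then `TokenHandler.ReadJwtToken(RawToken)` and `TokenHandler.ValidateToken(RawToken, …)`. If the mismatch is intended as one of this training app's deliberate weaknesses, a comment saying so would keep the next maintainer from "fixing" it.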
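Review bot: The `UserStr.Length > 250` guard was replaced by the token check rather than kept alongside it, so an authenticated caller can now feed an unbounded string into whatever query is built from `Employees.AsQueryable()` below; the two checks cover different risks and both should stay: `if (!VulnerableValidateToken(Token, Secret)) return Results.Unauthorized();` followed by `if (UserStr.Length > 250) return Results.BadRequest();`. The rest of the method, where `UserStr` is presumably applied to `Query`, is outside the hunk. The new `Token` parameter also deserves a word in the method's header comment (ideally in English, matching a translated `/* Returns the result of the NoSQL query supplied as parameter */`), noting that it is expected to be the raw `Authorization` header value, since the Program.cs hunk binds it with `[FromHeader(Name="Authorization")]`.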
@@ -46,23 +45,24 @@ // Endpoints :
-app.MapGet("/", async (string? lang) => await Task.FromResult(VLAController.VulnerableHelloWorld(HttpUtility.UrlDecode(lang)))).WithOpenApi();
-app.MapGet("/Xml", async (string i, string t) => await Task.FromResult(VLAController.VulnerableXmlParser(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
+app.MapGet("/", async (string? lang) => await Task.FromResult(VLAController.VulnerableHelloWorld(HttpUtility.UrlDecode(lang))));
-app.MapGet("/Json", async (string i, string t) => await Task.FromResult(VLAController.VulnerableDeserialize(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
+app.MapPost("/Auth", [ProducesResponseType(StatusCodes.Status200OK)] async (HttpRequest request, [FromBody] VulnerableWebApplication.VLAModel.Creds login) => await Task.FromResult(VLAController.VulnerableQuery(login.User, login.Passwd, Secret, LogFile)).Result).WithOpenApi();
-app.MapGet("/Req", async (string? i) => await VLAController.VulnerableWebRequest(i)).WithOpenApi();
+app.MapGet("/Xml", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableXmlParser(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
-app.MapGet("/Addr", async (string i, string t) => await Task.FromResult(VLAController.VulnerableObjectReference(i, t, Secret))).WithOpenApi();
+app.MapGet("/Json", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableDeserialize(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
+
+app.MapGet("/Req", async (string? i) => await VLAController.VulnerableWebRequest(i)).WithOpenApi();
-app.MapGet("/Dns", async (string i, string t) => await Task.FromResult(VLAController.VulnerableCmd(HttpUtility.UrlDecode(i), t ,Secret))).WithOpenApi();
+app.MapGet("/Addr", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableObjectReference(i, t, Secret))).WithOpenApi();
-app.MapGet("/NoSQL", async (string s) => await Task.FromResult(VLAController.VulnerableNoSQL(HttpUtility.UrlDecode(s)))).WithOpenApi();
+app.MapGet("/Dns", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableCmd(HttpUtility.UrlDecode(i), t ,Secret))).WithOpenApi();
-app.MapPost("/Auth", [ProducesResponseType(StatusCodes.Status200OK)] async (HttpRequest request, [FromBody]VulnerableWebApplication.VLAModel.Creds login) => await Task.FromResult(VLAController.VulnerableQuery(login.User, login.Passwd, Secret, LogFile)).Result).WithOpenApi();
+app.MapGet("/NoSQL", async (string s, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableNoSQL(HttpUtility.UrlDecode(s), t, Secret))).WithOpenApi();
-app.MapPatch("/Patch", async ([FromForm]IFormFile file, [FromHeader(Name="X-Forwarded-For")] string h, string t) => await VLAController.VulnerableHandleFileUpload(file, h, t, Secret, LogFile)).DisableAntiforgery();
+app.MapPost("/Patch", async ([FromHeader(Name="X-Forwarded-For")] string h, [FromHeader(Name = "Authorization")] string t, [FromForm] IFormFile file) => await VLAController.VulnerableHandleFileUpload(file, h, t, Secret, LogFile)).DisableAntiforgery().WithOpenApi(); // Arguments :
@@ -73,7 +73,7 @@ app.Urls.Add("http://localhost:4000"); app.Urls.Add("https://localhost:3000"); }
-else app.Urls.Add(url.Replace("--url=",""));
+else app.Urls.Add(url.Substring("--url=".Length)); // Lancement :
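Review bot: `/Req` is the one data endpoint left without the `[FromHeader(Name="Authorization")] string t` parameter that every other `VLAController` route now binds, yet its `VulnerableWebRequest(i)` is the server-side request helper — the route most worth gating behind the token; `/` also has no token but only renders a greeting. Gating it would need `VulnerableWebRequest` to accept `(i, t, Secret)` the way `VulnerableNoSQL` now does in the Controller.cs hunk, which this change does not include, so either extend it or leave a comment on the `/Req` line saying why it stays open. Two smaller points in the same hunk: the new `/` line dropped its `.WithOpenApi()` while every other route keeps it, and `/Auth` still does `await Task.FromResult(…).Result`, where `.Result` immediately unwraps what `Task.FromResult` wrapped — `await VLAController.VulnerableQuery(…)` if it returns a `Task`, or the bare call if it returns a value, reads the same and drops the no-op.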
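Review bot: `url.Substring("--url=".Length)` throws `ArgumentOutOfRangeException` when the argument is shorter than six characters and silently returns the wrong tail when `--url=` is not at the very start, both of which the replaced `Replace("--url=","")` tolerated; whether the `if` above (outside the hunk) already guarantees the prefix cannot be told from here. Make the assumption explicit: `else if (url.StartsWith("--url=", StringComparison.Ordinal)) app.Urls.Add(url.Substring("--url=".Length));` followed by an `else` that reports the unrecognised argument. Since whatever follows the prefix is bound verbatim, a `--url=http://0.0.0.0:…` exposes this deliberately vulnerable app beyond localhost, which is worth a one-line comment on this branch stating that it is meant for isolated lab use.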
diff --git a/VulnerableWebApplication.csproj b/VulnerableWebApplication.csproj index c0bc03f..9b555e9 100644 --- a/VulnerableWebApplication.csproj +++ b/VulnerableWebApplication.csproj @@ -8,10 +8,10 @@ - + - +