From 99e8ff2a736d63a81c250633881685c9d448b6e3 Mon Sep 17 00:00:00 2001
From: "Taisen.fr (Dev)"
Date: Fri, 24 May 2024 09:00:10 +0200
Subject: [PATCH] mv Endpoints
---
 Controller/Controller.cs | 20 ++++++++++----------
 Program.cs | 14 +++++++-------
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/Controller/Controller.cs b/Controller/Controller.cs
index 4a5c1be..8ab5bae 100644
--- a/Controller/Controller.cs
+++ b/Controller/Controller.cs
@@ -27,9 +27,9 @@ public static object VulnerableHelloWorld(string FileName = "english")
 Retourne le contenu du fichier correspondant à la langue choisie par l'utilisateur
 */
 if (FileName.IsNullOrEmpty()) FileName = "francais";
- string Content = File.ReadAllText(FileName.Replace("../", "").Replace("..\\", ""));
+ while (FileName.Contains("../") || FileName.Contains("..\\")) FileName = FileName.Replace("../", "").Replace("..\\", "");
- return Results.Ok(Content);
+ return Results.Ok(File.ReadAllText(FileName));
 }
 public static object VulnerableDeserialize(string Json, string Token, string Secret)
@@ -61,13 +61,13 @@ On enregistre les objets "employé" valides dans un fichier en lecture seule
 }
 }
- return Results.Ok($"File is : {File.GetAttributes(ROFile).ToString()} New id : {NewId} Empty Var: {HaveToBeEmpty.IsNullOrEmpty()}");
+ return Results.Ok(Newtonsoft.Json.JsonConvert.SerializeObject(new List { File.GetAttributes(ROFile).ToString(), NewId, HaveToBeEmpty.IsNullOrEmpty() }));
 }
 public static string VulnerableXmlParser(string Xml, string Token, string Secret)
 {
 /*
- Parse les données XML passées en paramètre et retourne son contenu
+ Parse les contrats au format XML passées en paramètre et retourne son contenu
 */
 if (!VulnerableValidateToken(Token, Secret)) return Results.Unauthorized().ToString();
 try
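Review bot: In `VulnerableHelloWorld`, the new `while` loop strips only `../` and `..\` sequences, so a `FileName` that is already a rooted path still reaches `File.ReadAllText` unchanged. A deny-list on the string is the wrong control here; resolve the name against the directory that holds the language files and reject anything that resolves outside it, e.g. `var full = Path.GetFullPath(Path.Combine(LangDir, FileName));` followed by `if (!full.StartsWith(LangDir, StringComparison.Ordinal)) return Results.NotFound();`, where `LangDir` is a placeholder for that directory, ending in a separator. An allow-list of the known language names would be simpler still. If the remaining gap is the intended exercise, the block comment should say so; the function's opening lines are outside the hunk.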
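Review bot: The new return in `VulnerableDeserialize` serialises the list with `JsonConvert.SerializeObject` and then passes the resulting string to `Results.Ok`, which, as far as I can tell, JSON-encodes its value again, so clients would receive a quoted, escaped string instead of an array. Passing the object itself keeps the same shape without the double encoding: `return Results.Ok(new object[] { File.GetAttributes(ROFile).ToString(), NewId, HaveToBeEmpty.IsNullOrEmpty() });`. The same pattern appears in the `VulnerableObjectReference` hunk (`Results.Ok(Newtonsoft.Json.JsonConvert.SerializeObject(Employee))`). Both method bodies begin outside their hunks.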
@@ -206,12 +206,12 @@ public static object VulnerableObjectReference(string Id, string Token, string S
 {
 /*
 Retourne les informations liées à l'ID de l'utilisateur
+ Permets aux employés de consulter leurs données personnelles
 */
- List Employees = Data.GetEmployees();
- var Address = Employees.Where(x => Id == x.Id)?.FirstOrDefault()?.Address;
- if ((!VulnerableValidateToken(Token, Secret)) || Address.IsNullOrEmpty()) return Results.Unauthorized();
+ if (!VulnerableValidateToken(Token, Secret)) return Results.Unauthorized();
+ var Employee = Data.GetEmployees()?.Where(x => Id == x.Id)?.FirstOrDefault();
- return Results.Ok(Address);
+ return Results.Ok(Newtonsoft.Json.JsonConvert.SerializeObject(Employee));
 }
 public static object VulnerableCmd(string UserStr, string Token, string Secret)
@@ -241,7 +241,7 @@ Effectue une requête DNS pour le FQDN passé en paramètre
 public static unsafe string VulnerableBuffer(string UserStr)
 {
 /*
- Copie une chaine de caractère
+ Limite les chaines à 50 caractères
 */
 int BuffSize = 50;
 char* Ptr = stackalloc char[BuffSize], Str = Ptr + BuffSize;
@@ -253,7 +253,7 @@ Copie une chaine de caractère
 public static string VulnerableCodeExecution(string UserStr)
 {
 /*
- Retourne le résultat de l'opération mathématique sur le chiffre donné en paramètre
+ Retourne un nouvel Id
 */
 string Result = string.Empty;
 if (UserStr.Length < 40 && !UserStr.Contains("class") && !UserStr.Contains("using"))
diff --git a/Program.cs b/Program.cs
index 1dae57b..686e664 100644
--- a/Program.cs
+++ b/Program.cs
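Review bot: The added comment in `VulnerableObjectReference` says employees consult their own data, but the new code only checks that `Token` is valid and never ties `Id` to the identity the token was issued for, while the response grows from the `Address` field to the whole serialised `Employee` record. Every field on `Employee` is therefore returned to any authenticated caller; if that is the intended exercise the comment should say so, otherwise take the Id from the validated token (or compare the two before the lookup) and return a DTO holding only the fields meant for display. The old `Address.IsNullOrEmpty()` guard is gone as well, so an unknown `Id` now produces a 200 carrying `null`; `if (Employee is null) return Results.NotFound();` makes a miss explicit.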
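Review bot: The reworded comment in `VulnerableBuffer` now promises a 50-character limit, but the visible lines only allocate `stackalloc char[BuffSize]` and point `Str` at the end of that buffer; the copy itself lies outside the hunk. If the body does not compare `UserStr.Length` with `BuffSize` before writing, the comment documents a guarantee the code does not give, which matters in an `unsafe` method. Either add an explicit guard before the copy, for example `if (UserStr.Length > BuffSize) return string.Empty;` (or whatever rejection value callers expect), or word the comment as `Copie la chaine dans un tampon de 50 caractères (longueur non vérifiée)`.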
@@ -61,21 +61,21 @@
 app.MapGet("/", async (string? lang) => await Task.FromResult(VLAController.VulnerableHelloWorld(HttpUtility.UrlDecode(lang))));
-app.MapPost("/Auth", [ProducesResponseType(StatusCodes.Status200OK)] async (HttpRequest request, [FromBody] VulnerableWebApplication.VLAModel.Creds login) => await Task.FromResult(VLAController.VulnerableQuery(login.User, login.Passwd, Secret, LogFile)).Result).WithOpenApi();
+app.MapPost("/Login", [ProducesResponseType(StatusCodes.Status200OK)] async (HttpRequest request, [FromBody] VulnerableWebApplication.VLAModel.Creds login) => await Task.FromResult(VLAController.VulnerableQuery(login.User, login.Passwd, Secret, LogFile)).Result).WithOpenApi();
-app.MapGet("/Xml", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableXmlParser(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
+app.MapGet("/Contract", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableXmlParser(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
-app.MapGet("/Json", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableDeserialize(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
+app.MapGet("/LocalWebQuery", async (string? i) => await VLAController.VulnerableWebRequest(i)).WithOpenApi();
-app.MapGet("/Req", async (string? i) => await VLAController.VulnerableWebRequest(i)).WithOpenApi();
+app.MapGet("/Employee", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableObjectReference(i, t, Secret))).WithOpenApi();
-app.MapGet("/Addr", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableObjectReference(i, t, Secret))).WithOpenApi();
+app.MapGet("/NewEmployee", async (string i, [FromHeader(Name = "Authorization")] string t) => await Task.FromResult(VLAController.VulnerableDeserialize(HttpUtility.UrlDecode(i), t, Secret))).WithOpenApi();
-app.MapGet("/Dns", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableCmd(HttpUtility.UrlDecode(i), t ,Secret))).WithOpenApi();
+app.MapGet("/LocalDNSResolver", async (string i, [FromHeader(Name="Authorization")] string t) => await Task.FromResult(VLAController.VulnerableCmd(HttpUtility.UrlDecode(i), t ,Secret))).WithOpenApi();
 app.MapPatch("/Patch", async ([FromHeader(Name="X-Forwarded-For")] string h, [FromHeader(Name = "Authorization")] string t, [FromForm] IFormFile file) => await VLAController.VulnerableHandleFileUpload(file, h, t, Secret, LogFile)).DisableAntiforgery().WithOpenApi();
-app.UseGraphQL("/GraphQL");
+app.UseGraphQL("/Client");
 // Arguments :
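Review bot: `/NewEmployee` is still registered with `MapGet`, although the comment on `VulnerableDeserialize` in Controller.cs describes it as saving the valid employee objects to a file, so the renamed route now reads as a create operation served over GET. The JSON payload travels in the query string `i`, where it ends up in access logs, proxies and browser history, and GET requests are assumed safe to repeat or prefetch. Consider `app.MapPost("/NewEmployee", ...)` with the payload bound through `[FromBody]`. Separately, `/LocalWebQuery` is the only renamed route without the `Authorization` header parameter; that was already the case for `/Req`, but it is worth confirming the omission is deliberate.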