mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
58 lines
1.7 KiB
C#
58 lines
1.7 KiB
C#
using System;
|
|
using System.Data.SqlClient;
|
|
using System.Diagnostics;
|
|
|
|
namespace System.Web.UI.WebControls
|
|
{
|
|
public class TextBox
|
|
{
|
|
public string Text { get; set; }
|
|
public string InnerHtml { get; set; }
|
|
}
|
|
}
|
|
|
|
namespace Test
|
|
{
|
|
using System.Web.UI.WebControls;
|
|
using System.Web;
|
|
using System.Diagnostics;
|
|
|
|
class CommandInjection
|
|
{
|
|
TextBox categoryTextBox;
|
|
|
|
public void WebCommandInjection()
|
|
{
|
|
// BAD: Reading from textbox, then using that in the arguments and file name
|
|
string userInput = categoryTextBox.Text;
|
|
Process.Start("foo.exe" + userInput, "/c " + userInput);
|
|
|
|
ProcessStartInfo startInfo = new ProcessStartInfo(userInput, userInput);
|
|
Process.Start(startInfo);
|
|
|
|
ProcessStartInfo startInfoProps = new ProcessStartInfo();
|
|
startInfoProps.FileName = userInput;
|
|
startInfoProps.Arguments = userInput;
|
|
startInfoProps.WorkingDirectory = userInput;
|
|
Process.Start(startInfoProps);
|
|
}
|
|
|
|
public void StoredCommandInjection()
|
|
{
|
|
using (SqlConnection connection = new SqlConnection(""))
|
|
{
|
|
connection.Open();
|
|
SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
|
|
SqlDataReader customerReader = customerCommand.ExecuteReader();
|
|
|
|
while (customerReader.Read())
|
|
{
|
|
// BAD: Read from database, and use it to directly execute a command
|
|
Process.Start("foo.exe", "/c " + customerReader.GetString(1));
|
|
}
|
|
customerReader.Close();
|
|
}
|
|
}
|
|
}
|
|
}
|