
Commit 7a0fb1a

CWE79++
1 parent c3497ed commit 7a0fb1a


3 files changed

+30
-24
lines changed


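--- a/Controller/Controller.cs
+++ b/Controller/Controller.cs
@@ -106,17 +106,6 @@ Parse les contrats au format XML passées en paramètre et retourne son contenu
 }
 }
 
-public static void VulnerableLogs(string Str, string LogFile)
-{
-/*
-Enregistre la chaine de caractères passée en paramètre dans le fichier de journalisation
-*/
-if (Str.Contains("script", StringComparison.OrdinalIgnoreCase)) Str = HttpUtility.HtmlEncode(Str);
-if (!File.Exists(LogFile)) File.WriteAllText(LogFile, Data.GetLogPage());
-string Page = File.ReadAllText(LogFile).Replace("</body>", $"<p>{Str}</p><br>{Environment.NewLine}</body>");
-File.WriteAllText(LogFile, Page);
-}
-
 public static async Task<object> VulnerableWebRequest(string Uri = "https://localhost:3000/")
 {
 /*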

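--- a/Identity/VLAIdentity.cs
+++ b/Identity/VLAIdentity.cs
@@ -37,7 +37,6 @@ public static async Task<object> VulnerableQuery(string User, string Passwd)
 for (int i = 0; i < Bytes.Length; i++) stringbuilder.Append(Bytes[i].ToString("x2"));
 string Hash = stringbuilder.ToString();
 
-VLAController.VLAController.VulnerableLogs("login attempt for:\n" + User + "\n" + Passwd + "\n", LogFile);
 var DataSet = VLAModel.Data.GetDataSet();
 var Result = DataSet.Tables[0].Select("Passwd = '" + Hash + "' and User = '" + User + "'");
 var userRow = DataSet.Tables[0].AsEnumerable().FirstOrDefault(row => row.Field<string>("User") == User && row.Field<int>("IsAdmin") == 1);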

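--- a/MidlWare/MidlWare.cs
+++ b/MidlWare/MidlWare.cs
@@ -4,6 +4,7 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.AspNetCore.Http;
 using System.Text;
+using System.Web;
 
 namespace VulnerableWebApplication.MidlWare
 {
@@ -40,40 +41,57 @@ public ValidateJwtMiddleware(RequestDelegate next)
 public async Task InvokeAsync(HttpContext context, IConfiguration configuration)
 {
 /*
-Authentifie les utilisateurs
-*/
+* Authentifie les utilisateur
+*
+* Renvoi certains messages d'érreur
+*/
+var path = context.Request.Path.Value;
+if (path.Contains("script", StringComparison.OrdinalIgnoreCase)) path = HttpUtility.HtmlEncode(path); //XSS protection ;)
 
 string authHeader = context.Request.Headers["Authorization"];
-string UnauthMsg = "Welcome to vulnerableLightApp. You are not authenticated. Source code is available at https://github.com/Aif4thah/VulnerableLightApp";
 
-// URL Without Authentication
-var path = context.Request.Path.Value;
+string UnauthMsg = "<html><head><title>Accès interdit</title></head>" +
+"<body><h1>Erreur 401 - Accès non autorisé</h1>" +
+"<p>START HACKING !</p></body></html>";
+
+string NotFoundMsg = "<html><head><title>Page introuvable</title></head>" +
+"<body><h1>Erreur 404 - Page non trouvée</h1>" +
+"<p>La ressource " + path + " n'existe pas ou a été déplacée.</p></body></html>";
+
 if (path.Equals("/login", StringComparison.OrdinalIgnoreCase) || path.StartsWith("/swagger", StringComparison.OrdinalIgnoreCase))
 {
 await _next(context);
 return;
 }
 
-// User Authentication
 if (string.IsNullOrEmpty(authHeader) || !VLAIdentity.VLAIdentity.VulnerableValidateToken(authHeader, configuration["Secret"]))
 {
 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
-var bytes = Encoding.UTF8.GetBytes(UnauthMsg);
-context.Response.Body.WriteAsync(bytes, 0, bytes.Length);
+context.Response.ContentType = "text/html; charset=utf-8";
+await context.Response.WriteAsync(UnauthMsg, Encoding.UTF8);
 return;
 }
 
-// Admin Authentication
-if (path.StartsWith("/Patch", StringComparison.OrdinalIgnoreCase) && (string.IsNullOrEmpty(authHeader) || !VLAIdentity.VLAIdentity.VulnerableAdminValidateToken(authHeader, configuration["Secret"])) )
+if (path.StartsWith("/Patch", StringComparison.OrdinalIgnoreCase) && (string.IsNullOrEmpty(authHeader) || !VLAIdentity.VLAIdentity.VulnerableAdminValidateToken(authHeader, configuration["Secret"])))
 {
 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
-var bytes = Encoding.UTF8.GetBytes(UnauthMsg);
-context.Response.Body.WriteAsync(bytes, 0, bytes.Length);
+context.Response.ContentType = "text/html; charset=utf-8";
+await context.Response.WriteAsync(UnauthMsg, Encoding.UTF8);
 return;
 }
 
 await _next(context);
+
+// 🔹 Gestion du 404 après exécution du pipeline
+if (context.Response.StatusCode == StatusCodes.Status404NotFound)
+{
+context.Response.ContentType = "text/html; charset=utf-8";
+await context.Response.WriteAsync(NotFoundMsg, Encoding.UTF8);
+}
 }
+
+
+
 }
 
 }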
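Review bot: The new `path` guard only HTML-encodes the request path when it contains the substring `script`, yet `NotFoundMsg` concatenates `path` into a `text/html` 404 body, so any payload without that token (an `<img>` or `<svg>` tag with an event handler, for example) is reflected unencoded — a reflected XSS, which the commit title `CWE79++` suggests is intended for this deliberately vulnerable app. If it is intentional, say so plainly instead of with a wink: replace `//XSS protection ;)` with `// Intentionally bypassable filter (CWE-79 training target): only paths containing "script" are encoded`. The hardened form drops the condition and encodes where the value enters the markup: `"<p>La ressource " + HttpUtility.HtmlEncode(path) + " n'existe pas ou a été déplacée.</p></body></html>";`. Separately, `PathString.Value` is declared nullable, so `path.Contains(...)` can throw a `NullReferenceException` before any response is written; `var path = context.Request.Path.Value ?? string.Empty;` covers it. The 404 branch after `await _next(context)` also assigns `ContentType` without checking `context.Response.HasStarted`, which throws if the downstream pipeline already flushed headers; `InvokeAsync` lies entirely within the hunk.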
