User XP review

Aif4thah · Aif4thah · commit c3497edff06d · 2025-05-15T12:10:50.000+02:00
diff --git a/Controller/Controller.cs b/Controller/Controller.cs
@@ -64,7 +64,8 @@ On enregistre les objets "employé" valides dans un fichier en lecture seule
                 }
             }
 
-            return Results.Ok(JsonConvert.SerializeObject(new List<object> { File.GetAttributes(ROFile).ToString(), NewId, string.IsNullOrEmpty(HaveToBeEmpty) }));
+            return new Dictionary<string, object>{ { "File Attributes", File.GetAttributes(ROFile).ToString() },{ "NewId", NewId }, { "Memory Integrity", string.IsNullOrEmpty(HaveToBeEmpty) }
+};
         }
 
         public static string VulnerableXmlParser(string Xml)
@@ -189,7 +190,7 @@ Limite les chaines à 50 caractères
         public static string VulnerableCodeExecution(string UserStr)
         {
             /*
-            Retourne un nouvel Id
+            Retourne un nouvel Id d'employé
             */
             string Result = string.Empty;
             if (UserStr.Length < 40 && !UserStr.Contains("class") && !UserStr.Contains("using"))
diff --git a/README.md b/README.md
@@ -35,7 +35,22 @@ flowchart TD
     H --> P(*Variables and functions*)
 ```
 
-## 🐞 Vulnerabilities
+## 🏢 Business Value to Attack
+
+| Business Workflow                      | Relevant OWASP ASVS Chapters |
+|----------------------------------------|------------------------------|
+| **Personal Data Management**           | V1 Architecture, Design and Threat Modeling, V5 Validation, Sanitization and Encoding |
+| **Employee Management**                | V2 Authentication, V9 Cryptography |
+| **Client Management**                  | V4 Access Control, V6 Stored Data |
+| **Banking data Management**            | V7 Cryptography at Rest, V10 Malicious Code |
+| **Contracts and Documents Management** | V13 File and Resources, V5 Validation, Sanitization and Encoding |
+| **Identities and Secrets Management**  | V2 Authentication, V9 Cryptography |
+| **Administrative Tasks**               | V4 Access Control, V17 Business Logic |
+| **Log Management**                     | V19 Logging and Monitoring |
+| **Service Behavior**                   | V14 API and Web Service Security, V17 Business Logic |
+
+
+## 🐞 Vulnerabilities to discover
 
 | MITRE Reference | Description | Difficulty |
 |----|---|----|
@@ -72,6 +87,7 @@ flowchart TD
 ## 🔑 Hint & Write Up
 
 * Try reading [Dojo-101](https://github.com/Aif4thah/Dojo-101), this project contains all you need to hack this app.
+
 * [Become a sponsor](https://github.com/sponsors/Aif4thah?frequency=recurring&sponsor=Aif4thah) and get access to the **full methodology** and **complete write-up**.
 
 

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,8 @@ On enregistre les objets "employé" valides dans un fichier en lecture seule`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
`67`		`- return Results.Ok(JsonConvert.SerializeObject(new List<object> { File.GetAttributes(ROFile).ToString(), NewId, string.IsNullOrEmpty(HaveToBeEmpty) }));`
	`67`	`+ return new Dictionary<string, object>{ { "File Attributes", File.GetAttributes(ROFile).ToString() },{ "NewId", NewId }, { "Memory Integrity", string.IsNullOrEmpty(HaveToBeEmpty) }`
	`68`	`+};`
`68`	`69`	`}`
`69`	`70`
`70`	`71`	`public static string VulnerableXmlParser(string Xml)`
`@@ -189,7 +190,7 @@ Limite les chaines à 50 caractères`
`189`	`190`	`public static string VulnerableCodeExecution(string UserStr)`
`190`	`191`	`{`
`191`	`192`	`/*`
`192`		`- Retourne un nouvel Id`
	`193`	`+ Retourne un nouvel Id d'employé`
`193`	`194`	`*/`
`194`	`195`	`string Result = string.Empty;`
`195`	`196`	`if (UserStr.Length < 40 && !UserStr.Contains("class") && !UserStr.Contains("using"))`