
webgoatnet's Issues

CX Reflected_XSS_All_Clients @ WebGoat/Content/EncryptVSEncode.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/EncryptVSEncode.aspx.cs in branch master

The application's MakeRow embeds untrusted data in the generated output with Text, at line 60 of WebGoat\Content\EncryptVSEncode.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the btnGO_Click method at line 32 of WebGoat\Content\EncryptVSEncode.aspx.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -2067853956

The application's MakeRow embeds untrusted data in the generated output with Text, at line 74 of WebGoat\Content\EncryptVSEncode.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the btnGO_Click method at line 32 of WebGoat\Content\EncryptVSEncode.aspx.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -248831010

The application's MakeRow embeds untrusted data in the generated output with Text, at line 74 of WebGoat\Content\EncryptVSEncode.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the btnGO_Click method at line 33 of WebGoat\Content\EncryptVSEncode.aspx.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -33136652

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 32 33


Code (Line #32):

string secret = txtString.Text;

Code (Line #33):

string key = String.IsNullOrEmpty(txtPassword.Text) ? hardCodedKey : txtPassword.Text;

CX Reflected_XSS_All_Clients @ WebGoat/Content/ReadlineDoS.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/ReadlineDoS.aspx.cs in branch master

The application's btnUpload_Click embeds untrusted data in the generated output with Text, at line 23 of WebGoat\Content\ReadlineDoS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input PostedFile, which is read by the btnUpload_Click method at line 17 of WebGoat\Content\ReadlineDoS.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 114883848

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 17


Code (Line #17):

Stream fileContents = file1.PostedFile.InputStream;

CX Stored_XSS @ WebGoat/App_Code/DB/MySqlDbProvider.cs [master]

Stored_XSS issue exists @ WebGoat/App_Code/DB/MySqlDbProvider.cs in branch master

The application's ButtonRecoverPassword_Click embeds untrusted data in the generated output with Text, at line 67 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetPasswordByEmail method with ds, at line 357 of WebGoat\App_Code\DB\MySqlDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1210714922

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 417 449 497 357 266 332


Code (Line #417):

da.Fill(ds, "products");

Code (Line #449):

da.Fill(ds);

Code (Line #497):

da.Fill(ds, "categories");

Code (Line #357):

da.Fill(ds);

Code (Line #266):

da.Fill(ds);

Code (Line #332):

da.Fill(ds);

CX Reflected_XSS_All_Clients @ WebGoat/App_Code/DB/MySqlDbProvider.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/App_Code/DB/MySqlDbProvider.cs in branch master

The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 38 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the GetSecurityQuestionAndAnswer method at line 337 of WebGoat\App_Code\DB\MySqlDbProvider.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1608328765

The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 37 of WebGoat\Content\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the GetSecurityQuestionAndAnswer method at line 337 of WebGoat\App_Code\DB\MySqlDbProvider.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1608328765

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 337


Code (Line #337):

qAndA[0] = row[0].ToString();

CX SQL_Injection @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs in branch master

The application's GetEmailByCustomerNumber method executes an SQL query with ExecuteScalar, at line 506 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnFind_Click method at line 27 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -1764617920

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 27


Code (Line #27):

string name = txtID.Text.Substring(0, 3);

CX SQL_Injection @ WebGoat/Content/SQLInjection.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/SQLInjection.aspx.cs in branch master

The application's GetEmailByName method executes an SQL query with da, at line 524 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnFind_Click method at line 25 of WebGoat\Content\SQLInjection.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 25


Code (Line #25):

string name = txtName.Text;

CX Stored_XSS @ WebGoat/WebGoatCoins/Orders.aspx.cs [master]

Stored_XSS issue exists @ WebGoat/WebGoatCoins/Orders.aspx.cs in branch master

The application's Page_Load embeds untrusted data in the generated output with BinaryExpr, at line 100 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the Page_Load method with Name, at line 100 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -773338861

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 100


Code (Line #100):

Response.AppendHeader("Content-Disposition", "attachment; filename=" + fi.Name);

CX SQL_Injection @ WebGoat/Content/StoredXSS.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/StoredXSS.aspx.cs in branch master

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 30 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 814239167

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 30 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1526560893

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 30 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1861518845

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 30 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1254381819

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training
Recommended Fix

Lines: 30


Code (Line #30):

string error_message = du.AddComment("user_cmt", txtEmail.Text, txtComment.Text);

CX XPath_Injection @ WebGoat/Content/XPathInjection.aspx.cs [master]

XPath_Injection issue exists @ WebGoat/Content/XPathInjection.aspx.cs in branch master

The application's FindSalesPerson method constructs an XPath query, for navigating an XML document. The XPath query is created with BinaryExpr, at line 28 of WebGoat\Content\XPathInjection.aspx.cs, using an untrusted string embedded in the expression.  
This may enable an attacker to modify the XPath expression, leading to an XPath Injection attack.
The attacker may be able to inject the modified XPath expression via user input, QueryString_state, which is retrieved by the application in the Page_Load method, at line 20 of WebGoat\Content\XPathInjection.aspx.cs. This value then flows through the code to BinaryExpr, as noted.
Similarity ID: 328116953

Severity: High

CWE:643

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 20


Code (Line #20):

FindSalesPerson(Request.QueryString["state"]);

CX HardcodedCredentials @ WebGoat/Web.config [master]

HardcodedCredentials issue exists @ WebGoat/Web.config in branch master

The Web.config file WebGoat\Web.config defines credentials at line 55 that are later used for Forms Authentication.
Similarity ID: -201443928

The Web.config file WebGoat\Web.config defines credentials at line 56 that are later used for Forms Authentication.
Similarity ID: 360492972

The Web.config file WebGoat\Web.config defines credentials at line 57 that are later used for Forms Authentication.
Similarity ID: 90400562

Severity: High

CWE:489

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 55 56 57


Code (Line #55):

<user name="admin" password="admin" />

Code (Line #56):

<user name="mario" password="luigi" />

Code (Line #57):

<user name="bob" password="password" />

CX Reflected_XSS_All_Clients @ WebGoat/Content/HeaderInjection.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/HeaderInjection.aspx.cs in branch master

The application's Page_Load embeds untrusted data in the generated output with Text, at line 16 of WebGoat\Content\HeaderInjection.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Headers, which is read by the Page_Load method at line 16 of WebGoat\Content\HeaderInjection.aspx.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1312910651

The application's Page_Load embeds untrusted data in the generated output with Text, at line 16 of WebGoat\Content\HeaderInjection.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input ToString, which is read by the Page_Load method at line 16 of WebGoat\Content\HeaderInjection.aspx.cs. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1312910651

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 16


Code (Line #16):

lblHeaders.Text = Request.Headers.ToString().Replace("&", "<br />");;

CX Stored_XSS @ WebGoat/App_Code/DB/SqliteDbProvider.cs [master]

Stored_XSS issue exists @ WebGoat/App_Code/DB/SqliteDbProvider.cs in branch master

The application's Page_Load embeds untrusted data in the generated output with ImageUrl, at line 32 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetCustomerDetails method with ds, at line 194 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -590842559

The application's Page_Load embeds untrusted data in the generated output with Text, at line 42 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetCustomerDetails method with ds, at line 194 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -314230657

The application's Page_Load embeds untrusted data in the generated output with Text, at line 41 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetCustomerDetails method with ds, at line 194 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: 1160452591

The application's Page_Load embeds untrusted data in the generated output with NavigateUrl, at line 77 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetOrderDetails method with ds, at line 412 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: 2039287783

The application's LoadComments embeds untrusted data in the generated output with Text, at line 52 of WebGoat\Content\StoredXSS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetComments method with ds, at line 230 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1392707162

The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 37 of WebGoat\Content\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetSecurityQuestionAndAnswer method with ds, at line 295 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1136015080

The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 38 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetSecurityQuestionAndAnswer method with ds, at line 295 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1136015080

The application's Page_Load embeds untrusted data in the generated output with Text, at line 23 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductsAndCategories method with ds, at line 460 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: 471013749

The application's Page_Load embeds untrusted data in the generated output with Text, at line 27 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductsAndCategories method with ds, at line 460 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -83212602

The application's Page_Load embeds untrusted data in the generated output with Text, at line 28 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductsAndCategories method with ds, at line 460 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: 1977384374

The application's Page_Load embeds untrusted data in the generated output with Text, at line 29 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductsAndCategories method with ds, at line 460 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -436417018

The application's LoadComments embeds untrusted data in the generated output with Text, at line 82 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductDetails method with ds, at line 380 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1574416171

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetProductDetails method with ds, at line 380 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1153540997

The application's ButtonRecoverPassword_Click embeds untrusted data in the generated output with Text, at line 66 of WebGoat\Content\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetPasswordByEmail method with ds, at line 320 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1540697536

The application's ButtonRecoverPassword_Click embeds untrusted data in the generated output with Text, at line 67 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the GetPasswordByEmail method with ds, at line 320 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: -1540697536

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 320 194 230 295 380 412 460


Code (Line #320):

da.Fill(ds);

Code (Line #194):

da.Fill(ds);

Code (Line #230):

da.Fill(ds);

Code (Line #295):

da.Fill(ds);

Code (Line #380):

da.Fill(ds, "products");

Code (Line #412):

da.Fill(ds);

Code (Line #460):

da.Fill(ds, "categories");

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs in branch master

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input commentRow, which is read by the LoadComments method at line 76 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1381033229

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input commentRow, which is read by the LoadComments method at line 77 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1726726949

The application's LoadComments embeds untrusted data in the generated output with Text, at line 82 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 63 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 52255854

The application's LoadComments embeds untrusted data in the generated output with Text, at line 82 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 65 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -842198844

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 65 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 116643946

The application's LoadComments embeds untrusted data in the generated output with Text, at line 82 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 64 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -679277585

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 64 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 26363413

The application's LoadComments embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the LoadComments method at line 68 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1043860937*

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 64 65 68 76 77 63


Code (Line #64):

output += "<strong>" + prodRow["productName"].ToString() + "</strong><br/>";

Code (Line #65):

output += "<hr/>" + prodRow["productDescription"].ToString() + "<br/>";

Code (Line #68):

hiddenFieldProductID.Value = prodRow["productCode"].ToString();

Code (Line #76):

comments += "<strong>Email:</strong>" + commentRow["email"] + "<span style='font-size: x-small;color: #E47911;'> (Email Address Verified!) </span><br/>";

Code (Line #77):

comments += "<strong>Comment:</strong><br/>" + commentRow["comment"] + "<br/><hr/>";

Code (Line #63):

output += "<img src='./images/products/" + prodRow["productImage"] + "'/><br/>";

CX Second_Order_SQL_Injection @ WebGoat/App_Code/DB/SqliteDbProvider.cs [master]

Second_Order_SQL_Injection issue exists @ WebGoat/App_Code/DB/SqliteDbProvider.cs in branch master

*The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ds in GetProductDetails method at line 384 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: -1133194525

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ds in GetProductDetails method at line 384 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: 1845599211

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ExecuteScalar in GetCustomerEmail method at line 170 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: 1410413037

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ExecuteScalar in GetCustomerEmail method at line 170 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: -1120390239

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ds in GetProductDetails method at line 380 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: -1089932941

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ds in GetProductDetails method at line 380 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: -1339593893*

Severity: High

CWE:89

Lines: 384 170 380


Code (Line #384):

da.Fill(ds, "comments");

Code (Line #170):

output = command.ExecuteScalar().ToString();

Code (Line #380):

da.Fill(ds, "products");

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/MainPage.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/MainPage.aspx.cs in branch master

*The application's Page_Load embeds untrusted data in the generated output with ImageUrl, at line 32 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the Page_Load method at line 32 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1690190

The application's Page_Load embeds untrusted data in the generated output with Text, at line 42 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the Page_Load method at line 42 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1929114591*

Severity: High

CWE:79

Lines: 32 42


Code (Line #32):

Image1.ImageUrl = "images/logos/" + row["logoFileName"];

Code (Line #42):

cell2.Text = row[col].ToString();

CX Stored_XSS @ WebGoat/Content/ReadlineDoS.aspx.cs [master]

Stored_XSS issue exists @ WebGoat/Content/ReadlineDoS.aspx.cs in branch master

The application's btnUpload_Click embeds untrusted data in the generated output with Text, at line 23 of WebGoat\Content\ReadlineDoS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the btnUpload_Click method with ReadLine, at line 23 of WebGoat\Content\ReadlineDoS.aspx.cs. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.
Similarity ID: 1746607244

Severity: High

CWE:79

Lines: 23


Code (Line #23):

lblFileContent.Text += reader.ReadLine() + "<br />";

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/Catalog.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/Catalog.aspx.cs in branch master

*The application's Page_Load embeds untrusted data in the generated output with Text, at line 27 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the Page_Load method at line 27 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -208248066

The application's Page_Load embeds untrusted data in the generated output with Text, at line 29 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input prodRow, which is read by the Page_Load method at line 29 of WebGoat\WebGoatCoins\Catalog.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1172656464*

Severity: High

CWE:79

Lines: 27 29


Code (Line #27):

lblOutput.Text += "<img src='./images/products/" + prodRow[3] + "'/><br/>\n";

Code (Line #29):

lblOutput.Text += "<a href=\"ProductDetails.aspx?productNumber=" + prodRow[0].ToString() + "\"><br/>\n";

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/CustomerLogin.aspx [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/CustomerLogin.aspx in branch master

The application's %> embeds untrusted data in the generated output with Write, at line 9 of WebGoat\WebGoatCoins\CustomerLogin.aspx. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Request, which is read by the %> method at line 9 of WebGoat\WebGoatCoins\CustomerLogin.aspx. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1629911777

Severity: High

CWE:79

Lines: 9


Code (Line #9):

//var return_url = <%= Request["ReturnUrl"] == null ? "\"\"" : "\"" + Request["ReturnUrl"].ToString() + "\"" %>

CX SQL_Injection @ WebGoat/WebGoatCoins/MainPage.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/MainPage.aspx.cs in branch master

The application's GetCustomerDetails method executes an SQL query with da, at line 229 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the Page_Load method at line 27 of WebGoat\WebGoatCoins\MainPage.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Lines: 27


Code (Line #27):

string customerNumber = Request.Cookies["customerNumber"].Value;

CX SQL_Injection @ WebGoat/WebGoatCoins/ForgotPassword.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/ForgotPassword.aspx.cs in branch master

The application's GetSecurityQuestionAndAnswer method executes an SQL query with da, at line 332 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the ButtonCheckEmail_Click method at line 28 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Lines: 67 28


Code (Line #67):

labelPassword.Text = "Security Question Challenge Successfully Completed! <br/>Your password is: " + getPassword(txtEmail.Text);

Code (Line #28):

string[] result = du.GetSecurityQuestionAndAnswer(txtEmail.Text);

CX SQL_Injection @ WebGoat/Content/ForgotPassword.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/Content/ForgotPassword.aspx.cs in branch master

The application's GetSecurityQuestionAndAnswer method executes an SQL query with da, at line 332 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the ButtonCheckEmail_Click method at line 27 of WebGoat\Content\ForgotPassword.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Lines: 66 27


Code (Line #66):

labelPassword.Text = "Security Question Challenge Successfully Completed! <br/>Your password is: " + getPassword(txtEmail.Text);

Code (Line #27):

string[] result = du.GetSecurityQuestionAndAnswer(txtEmail.Text);

CX Reflected_XSS_All_Clients @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/SQLInjectionDiscovery.aspx.cs in branch master

The application's btnFind_Click embeds untrusted data in the generated output with Text, at line 30 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the btnFind_Click method at line 27 of WebGoat\Content\SQLInjectionDiscovery.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1450700211

Severity: High

CWE:79

Lines: 27


Code (Line #27):

string name = txtID.Text.Substring(0, 3);

CX Reflected_XSS_All_Clients @ WebGoat/Content/ReflectedXSS.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/ReflectedXSS.aspx.cs in branch master

The application's LoadCity embeds untrusted data in the generated output with Text, at line 26 of WebGoat\Content\ReflectedXSS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Request, which is read by the Page_Load method at line 20 of WebGoat\Content\ReflectedXSS.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 449506992

Severity: High

CWE:79

Lines: 20


Code (Line #20):

LoadCity(Request["city"]);

CX SQL_Injection @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/ProductDetails.aspx.cs in branch master

*The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -802615478

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -2011131384

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1296299569

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 68 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 158839612

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -90293752

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Cookies_customerNumber; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -2011131384

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 65 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1554917481

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 283 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 64 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -49885922

The application's GetCustomerEmail method executes an SQL query with ExecuteScalar, at line 205 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Cookies_customerNumber; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1821140108

The application's GetCustomerEmail method executes an SQL query with ExecuteScalar, at line 205 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 1821140108

The application's GetCustomerEmail method executes an SQL query with ExecuteScalar, at line 170 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Cookies_customerNumber; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 2038889730

The application's GetCustomerEmail method executes an SQL query with ExecuteScalar, at line 170 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 2038889730

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 68 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -1883135202

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -1016334894

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Cookies_customerNumber; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -432759342

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 65 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -1554394223

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input prodRow; this input is then read by the LoadComments method at line 64 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: 236307836

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Text; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -1623471920

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the LoadComments method at line 89 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -432759342

The application's AddComment method executes an SQL query with ExecuteNonQuery, at line 246 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Value; this input is then read by the btnSave_Click method at line 41 of WebGoat\WebGoatCoins\ProductDetails.aspx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.
Similarity ID: -981614903*

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training
Recommended Fix

Lines: 64 65 68 89 41


Code (Line #64):

output += "<strong>" + prodRow["productName"].ToString() + "</strong><br/>";

Code (Line #65):

output += "<hr/>" + prodRow["productDescription"].ToString() + "<br/>";

Code (Line #68):

hiddenFieldProductID.Value = prodRow["productCode"].ToString();

Code (Line #89):

string customerNumber = Request.Cookies["customerNumber"].Value;

Code (Line #41):

string error_message = du.AddComment(hiddenFieldProductID.Value, txtEmail.Text, txtComment.Text);

CX Second_Order_SQL_Injection @ WebGoat/App_Code/ConfigFile.cs [master]

Second_Order_SQL_Injection issue exists @ WebGoat/App_Code/ConfigFile.cs in branch master

The application's TestConnection method executes an SQL query with ExecuteReader, at line 43 of WebGoat\App_Code\DB\SqliteDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
The attacker may be able to write arbitrary data to the database, which is then retrieved by the application with ReadAllLines in Load method at line 30 of WebGoat\App_Code\ConfigFile.cs. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.
This may enable a Second-Order SQL Injection attack.
Similarity ID: 412530475

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 30


Code (Line #30):

foreach (string line in File.ReadAllLines(_filePath))

CX SQL_Injection @ WebGoat/WebGoatCoins/Autocomplete.ashx.cs [master]

SQL_Injection issue exists @ WebGoat/WebGoatCoins/Autocomplete.ashx.cs in branch master

The application's GetCustomerEmails method executes an SQL query with da, at line 566 of WebGoat\App_Code\DB\MySqlDbProvider.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input Request; this input is then read by the ProcessRequest method at line 25 of WebGoat\WebGoatCoins\Autocomplete.ashx.cs. This input then flows through the code, into a query and to the database server - without sanitization.
This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training
Recommended Fix

Lines: 25


Code (Line #25):

            string query = context.Request["query"];
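The two SQL_Injection findings above (AddComment / GetCustomerEmail in ProductDetails.aspx.cs and GetCustomerEmails in Autocomplete.ashx.cs) and the Second_Order_SQL_Injection finding share one root cause: request or file data is concatenated into the statement text. The fix is the same in every flow, including the config-file one, because a parameter is never parsed as SQL no matter where the value came from. The following is an added example, not WebGoat.NET's own code. It assumes the System.Data.SQLite package (the SQLiteConnection/SQLiteCommand names come from it); the Comments table, the column names and the sample values are constructed for the demo. The vulnerable method keeps the concatenation shape the scanner describes; the hardened methods bind parameters, and the LIKE query shows how an autocomplete prefix is bound.

```csharp
// Added example, not WebGoat.NET's own code. Assumes the System.Data.SQLite
// package; the Comments table, columns and sample values are constructed.
using System;
using System.Collections.Generic;
using System.Data.SQLite;

class CommentStore
{
    private readonly SQLiteConnection _conn;

    public CommentStore(SQLiteConnection conn) { _conn = conn; }

    // The shape the scanner reports: untrusted strings concatenated into the
    // statement text, so the database parses attacker data as SQL.
    public int AddCommentVulnerable(string productCode, string email, string comment)
    {
        string sql = "INSERT INTO Comments (productCode, email, comment) VALUES ('"
                   + productCode + "', '" + email + "', '" + comment + "')";
        using (var cmd = new SQLiteCommand(sql, _conn))
            return cmd.ExecuteNonQuery();
    }

    // Hardened form: the statement text is constant; values are bound as
    // parameters and never reach the SQL parser as syntax.
    public int AddComment(string productCode, string email, string comment)
    {
        const string sql = "INSERT INTO Comments (productCode, email, comment) "
                         + "VALUES (@code, @email, @comment)";
        using (var cmd = new SQLiteCommand(sql, _conn))
        {
            cmd.Parameters.AddWithValue("@code", productCode);
            cmd.Parameters.AddWithValue("@email", email);
            cmd.Parameters.AddWithValue("@comment", comment);
            return cmd.ExecuteNonQuery();
        }
    }

    // Autocomplete-style prefix search. The wildcard is appended in SQL (||),
    // so a quote in the prefix cannot break out of the statement. Note that
    // '%' and '_' inside the bound value are still LIKE wildcards; escape them
    // (ESCAPE clause) if strict prefix matching matters.
    public List<string> FindEmails(string prefix)
    {
        const string sql = "SELECT email FROM Comments WHERE email LIKE @prefix || '%' ORDER BY email";
        var result = new List<string>();
        using (var cmd = new SQLiteCommand(sql, _conn))
        {
            cmd.Parameters.AddWithValue("@prefix", prefix);
            using (var reader = cmd.ExecuteReader())
                while (reader.Read()) result.Add(reader.GetString(0));
        }
        return result;
    }

    public long CountComments()
    {
        using (var cmd = new SQLiteCommand("SELECT COUNT(*) FROM Comments", _conn))
            return (long)cmd.ExecuteScalar();
    }
}

class Program
{
    static void Main()
    {
        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            using (var create = new SQLiteCommand(
                "CREATE TABLE Comments (productCode TEXT, email TEXT, comment TEXT)", conn))
                create.ExecuteNonQuery();

            var store = new CommentStore(conn);
            store.AddComment("S10_1678", "alice@example.com", "Nice coin.");

            // Constructed payload: closes the string literal, appends a second
            // statement, and comments out the tail of the original INSERT.
            string payload = "x'); DELETE FROM Comments; --";

            // The concatenated INSERT runs, then the injected DELETE removes
            // every row, including the one that was just inserted.
            store.AddCommentVulnerable("S10_1678", "bob@example.com", payload);
            Console.WriteLine("rows after concatenated insert: " + store.CountComments());

            // Bound as a parameter, the same payload is stored as plain text.
            store.AddComment("S10_1678", "bob@example.com", payload);
            Console.WriteLine("rows after parameterized insert: " + store.CountComments());

            Console.WriteLine("emails starting with 'bob': " + string.Join(",", store.FindEmails("bob")));
        }
    }
}
```

The vulnerable path only demonstrates the DELETE because System.Data.SQLite executes the multiple statements in one command text; a provider that refuses stacked statements would still be open to UNION-based and boolean-based injection through the same concatenation, so the absence of a stacked-query effect is not evidence of safety. For the second-order case in ConfigFile.cs, the value read with File.ReadAllLines should be bound through the same parameter path in TestConnection rather than trusted because it "came from our own file".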

CX Reflected_XSS_All_Clients @ WebGoat/ProxySetup.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/ProxySetup.aspx.cs in branch master

The application's btnReverse_Click embeds untrusted data in the generated output with Text, at line 17 of WebGoat\ProxySetup.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the btnReverse_Click method at line 15 of WebGoat\ProxySetup.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training
Recommended Fix

Lines: 15


Code (Line #15):

            var name = txtName.Text;

CX Reflected_XSS_All_Clients @ WebGoat/Content/PathManipulation.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/PathManipulation.aspx.cs in branch master

*The application's Page_Load embeds untrusted data in the generated output with Text, at line 43 of WebGoat\Content\PathManipulation.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input QueryString_filename, which is read by the Page_Load method at line 33 of WebGoat\Content\PathManipulation.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1229872314

The application's ResponseFile embeds untrusted data in the generated output with BinaryWrite, at line 88 of WebGoat\Content\PathManipulation.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input QueryString_filename, which is read by the Page_Load method at line 33 of WebGoat\Content\PathManipulation.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1633161891*

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 33


Code (Line #33):

string filename = Request.QueryString["filename"];

CX Reflected_XSS_All_Clients @ WebGoat/App_Code/DB/SqliteDbProvider.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/App_Code/DB/SqliteDbProvider.cs in branch master

*The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 37 of WebGoat\Content\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the GetSecurityQuestionAndAnswer method at line 300 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 217628973

The application's ButtonCheckEmail_Click embeds untrusted data in the generated output with Text, at line 38 of WebGoat\WebGoatCoins\ForgotPassword.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the GetSecurityQuestionAndAnswer method at line 300 of WebGoat\App_Code\DB\SqliteDbProvider.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 217628973*

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 300


Code (Line #300):

qAndA[0] = row[0].ToString();

CX Reflected_XSS_All_Clients @ WebGoat/Content/StoredXSS.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/StoredXSS.aspx.cs in branch master

*The application's LoadComments embeds untrusted data in the generated output with Text, at line 52 of WebGoat\Content\StoredXSS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the LoadComments method at line 49 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 813563524

The application's LoadComments embeds untrusted data in the generated output with Text, at line 52 of WebGoat\Content\StoredXSS.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input row, which is read by the LoadComments method at line 48 of WebGoat\Content\StoredXSS.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1953770984*

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 48 49


Code (Line #48):

comments += "<strong>Email:</strong>" + row["email"] + "<span style='font-size: x-small;color: #E47911;'> (Email Address Verified!) </span><br/>";

Code (Line #49):

comments += "<strong>Comment:</strong><br/>" + row["comment"] + "<br/><hr/>";

CX Reflected_XSS_All_Clients @ WebGoat/Content/UploadPathManipulation.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/Content/UploadPathManipulation.aspx.cs in branch master

The application's btnUpload_Click embeds untrusted data in the generated output with Text, at line 26 of WebGoat\Content\UploadPathManipulation.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input FileName, which is read by the btnUpload_Click method at line 26 of WebGoat\Content\UploadPathManipulation.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -1621467145

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 26


Code (Line #26):

labelUpload.Text = "<div class='success' style='text-align:center'>The file " + FileUpload1.FileName + " has been saved in to the WebGoatCoins/uploads directory</div>";

CX Reflected_XSS_All_Clients @ WebGoat/WebGoatCoins/Orders.aspx.cs [master]

Reflected_XSS_All_Clients issue exists @ WebGoat/WebGoatCoins/Orders.aspx.cs in branch master

*The application's Page_Load embeds untrusted data in the generated output with NavigateUrl, at line 77 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input RawUrl, which is read by the Page_Load method at line 77 of WebGoat\WebGoatCoins\Orders.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -2125030789

The application's Page_Load embeds untrusted data in the generated output with Text, at line 83 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Request, which is read by the Page_Load method at line 62 of WebGoat\WebGoatCoins\Orders.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 364943441

The application's GridView1_RowDataBound embeds untrusted data in the generated output with Text, at line 114 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the GridView1_RowDataBound method at line 114 of WebGoat\WebGoatCoins\Orders.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: -2056032715

The application's GridView1_RowDataBound embeds untrusted data in the generated output with NavigateUrl, at line 115 of WebGoat\WebGoatCoins\Orders.aspx.cs. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input Text, which is read by the GridView1_RowDataBound method at line 114 of WebGoat\WebGoatCoins\Orders.aspx.cs. This input then flows through the code straight to the output web page, without sanitization. 
This can enable a Reflected Cross-Site Scripting (XSS) attack.
Similarity ID: 1448060211*

Severity: High

CWE:79

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 114 77 62


Code (Line #114):

link.Text = e.Row.Cells[0].Text;

Code (Line #77):

HyperLink1.NavigateUrl = Request.RawUrl + "&image=images/products/" + image;

Code (Line #62):

string orderNumber = Request["orderNumber"];
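The Reflected_XSS findings above follow two shapes: a request value concatenated into markup and assigned to a control's Text property (ProxySetup, UploadPathManipulation, ForgotPassword, StoredXSS, Orders line 114), which WebForms renders unencoded, and a link built from Request.RawUrl (Orders line 77), which echoes whatever the client put in the request line straight into an href. The following is an added example, not WebGoat.NET's own code. It uses only System.Net.WebUtility, System.IO and System.Text.RegularExpressions so it runs as a console program without a WebForms page; the method names, the Orders.aspx path, the allow-list patterns and the sample inputs are constructed for the demo. The hardened methods encode at the point where data becomes markup and rebuild the link from validated parts instead of the raw URL.

```csharp
// Added example, not WebGoat.NET's own code. Method names, the Orders.aspx
// path, the allow-list patterns and the sample inputs are constructed.
using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

static class SafeOutput
{
    // The upload-message pattern the scanner reports: the client-supplied file
    // name is concatenated into markup that a Label renders as-is.
    public static string UploadMessageVulnerable(string fileName)
    {
        return "<div class='success'>The file " + fileName + " has been saved</div>";
    }

    // Hardened: keep only the file name part (separator handling depends on the
    // platform), then HTML-encode it before it becomes part of the markup, so
    // '<', '>', '&' and quotes are rendered as text rather than parsed as tags.
    public static string UploadMessage(string fileName)
    {
        string baseName = Path.GetFileName(fileName);
        return "<div class='success'>The file " + WebUtility.HtmlEncode(baseName) + " has been saved</div>";
    }

    // The Orders.aspx pattern: Request.RawUrl, i.e. everything the client sent
    // in the request line, is reused as the start of a link the page emits.
    public static string ImageLinkVulnerable(string rawUrl, string image)
    {
        return rawUrl + "&image=images/products/" + image;
    }

    private static readonly Regex OrderNumber = new Regex(@"^[0-9]{1,10}$");
    private static readonly Regex ImageName = new Regex(@"^[A-Za-z0-9_-]+\.(png|jpg|gif)$");

    // Hardened: the link starts from a fixed path; both query values are checked
    // against an allow-list and URL-encoded, so nothing from the original request
    // line is echoed back and a rejected value never reaches the page.
    public static string ImageLink(string orderNumber, string image)
    {
        if (!OrderNumber.IsMatch(orderNumber))
            throw new ArgumentException("order number must be 1-10 digits");
        if (!ImageName.IsMatch(image))
            throw new ArgumentException("image must be a simple name with a png/jpg/gif extension");
        return "Orders.aspx?orderNumber=" + WebUtility.UrlEncode(orderNumber)
             + "&image=images/products/" + WebUtility.UrlEncode(image);
    }
}

class Program
{
    static void Main()
    {
        // Constructed attacker inputs: a file name carrying an event handler, and
        // a request line that closes the href attribute and opens a script tag.
        string fileName = "<img src=x onerror=alert(1)>.png";
        string rawUrl = "/WebGoatCoins/Orders.aspx?orderNumber=1\"><script>alert(1)</script>";

        Console.WriteLine(SafeOutput.UploadMessageVulnerable(fileName)); // tag survives intact
        Console.WriteLine(SafeOutput.UploadMessage(fileName));           // tag is entity-encoded

        Console.WriteLine(SafeOutput.ImageLinkVulnerable(rawUrl, "coin.png")); // script reaches the href
        Console.WriteLine(SafeOutput.ImageLink("10100", "coin.png"));          // built from validated parts

        try { SafeOutput.ImageLink("10100", "coin.png?x=<b>"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

In the WebForms pages themselves the same two rules apply: any request, cookie or database-row value assigned to a Text property goes through HtmlEncode first (the StoredXSS and ForgotPassword findings are database-sourced, so the encoding belongs at render time, not at insert time), and a NavigateUrl is assembled from a fixed path plus validated, URL-encoded parameters rather than from Request.RawUrl.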
