// semmle-extractor-options: /r:${testdir}/../../../resources/assemblies/System.Data.dll /r:${testdir}/../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../resources/assemblies/System.Web.Mvc.dll /r:System.ComponentModel.Primitives.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../resources/assemblies/System.Net.Http.dll
using System;
using System.Data.SqlClient;
using System.Web;
namespace Test
{
class StoredXSS
{
    /// <summary>
    /// Query test fixture for stored cross-site scripting: reads rows from the
    /// <c>customers</c> table and writes a column value straight into the HTTP
    /// response without HTML-encoding it. The <c>// BAD</c> line marks the
    /// result the query is expected to report.
    /// </summary>
    /// <param name="context">HTTP context whose response receives the output.</param>
    public void processRequest(HttpContext context)
    {
        // Empty connection string: the fixture only needs the data-flow shape,
        // not a live database.
        using (SqlConnection connection = new SqlConnection(""))
        {
            connection.Open();
            SqlCommand customerCommand = new SqlCommand("SELECT * FROM customers", connection);
            SqlDataReader customerReader = customerCommand.ExecuteReader();
            while (customerReader.Read())
            {
                // BAD: Read from database, write it straight to a response
                // Source: column 1 of each row, i.e. stored data that may have
                // originated from an untrusted writer. Sink: Response.Write with
                // no encoding, so any markup in the column is interpreted by the
                // browser. The remediation the query expects is to pass the value
                // through HttpUtility.HtmlEncode before writing it.
                context.Response.Write("Orders for " + customerReader.GetString(1));
            }
            // Close() runs only on the normal path; an exception inside the loop
            // leaves the reader open until the enclosing connection is disposed.
            customerReader.Close();
        }
    }
}
}