using a linqDataSource control... in the selecting event I have code like the following for a simple search feature:
[Code]....
In general, would dynamically building the 'Where' property of a linqDataSource be vulnerable to sql injection? Or does the control protect against this internally?
Is this LINQ statment vulnerable to SQL injection?
var result = from b in context.tests
where b.id == inputTextBox.Text
select b;
where context is an Entity and tests is a table. I'm trying to learn LINQ and I thought that the benefit of it was that it wasn't vulnerable to sql injection, but some stuff I've see has said differently. Would I need to parametrize this LINQ statement to make it safer? If so, How? Also would this be considered linq to sql or linq to entities?
I would now like to check if my code is still open to SQL Injections after this work. I believe the code is now working as it should, but any blinding errors that you see i'd love to hear about too. My code is now looking like:
-code removed-
i need all the details to How to prevent by sql injection by using stored procedure .
View 7 RepliesI know the following sproc is vulnerable to SQL injection:
[Code]....
I would like to write a call to this sproc that uses SQL injection to execute the additional command:
[Code]....
That way, I can demonstrate the vulnerability of the sproc to SQL injection and test any revised implementations of the sproc using the same test call.
Problem is, SQL injection is harder than I thought! I just can't seem to do it.
Can anyone provide me with text for the sproc call to execute the additional command?
I've been reading up on SQL Injection and want to go back and implement some measures to prevent these kinds of potential attacks.For example, on our company intranet, we have an address book feature and a search function so the user is able to look a company or a person up from the database/The user will enter their query into a TextBox control and click the Submit button, calling the following function:addybookDS1.SelectCommand = "SELECT * FROM [addressbook] WHERE COMPANY LIKE '%" + search1 + "%' OR CONTACT LIKE '%" + search1 + "%' OR LASTNAME LIKE '%" + search1 + "%' OR EMAIL LIKE '%" + search1 + "%'"search1 is the TextBox controlI had previously implemented this measure:search1 = Replace(search1, "'", "''")But I want to know if there is more I can do here and how I can go about doing it.
View 16 RepliesI'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?
System.Text.StringBuilder sb = new System.Text.StringBuilder();
//loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
sb.Append("<script type='text/javascript'>");
//add +1 to each item
sb.AppendFormat("mboxCreate("product_productpage_rec{0}",", i+1);
[code]...
THE CODE:
Session["foo"] = "bar";
Response.Redirect("foo.aspx");
THE PROBLEM:
When foo.aspx reads "foo" from the session, it's not there. The session is there, but there's no value for "foo".
I've observed this intermittently in our production environment. But I don't mean here to ask a question about Response.Redirect().
THE EXPLANATION:
Bertrand Le Roy explains (the bolding is mine): Now, what Redirect does is to send a special header to the client so that it asks the server for a different page than the one it was waiting for. Server-side, after sending this header, Redirect ends the response. This is a very violent thing to do. Response.End actually stops the execution of the page wherever it is using a ThreadAbortException. What
happens really here is that the session token gets lost in the battle. My takeaway there is that Response.Redirect() can be heavy-handed
with ending threads. And that can threaten my session writes if they occur too near that heavy-handedness.
THE QUESTION:
What about ASP.NET session management makes it so vulnerable to this? The Response.Redirect() line of code doesn't begin its execution until the session write line is "finished" -- how can it be such a threat to my session write? What about the session write doesn't "finish" before the next line of code executes? Are there other scenarios in which session writes are similarly (as though they never occurred) lost?
I was performed tests againts my web server using Shadow Security Scanner with the following results:
Web Servers : Vulnerable script
Port : 80
Description: Found vulnerable script on this web site
Risk level :High
Script: http://servername/ScriptResource.axd?d=P4tzN-eCJlchxi30M7K6eGzyH7tdeY4timDGCw0yDS45Ur477KM8CSqJQdqun4VDGbs5xXGPE 7VeqXqRIDyOHxwoopCbgbWmKFLiyKB1Qs5UDJTyZQYe4zURSEshSBwPOm1hORh40237AJZ_EWO2n2-3IwAzTY__px0r6WbIYgWamkVz0&t=/etc/passwd
CVE : GENERIC-MAP-NOMATCH
Why ScriptResource.axd is a vulnerable script?
I am using c#.net web application.I will not allow reply attacks in my application.How do i prevent from the same.
View 3 RepliesThis involves using the Membership provider to add a comment to users server side records when they log in and out, and then confirming that when a cookie is used to authenticate, that the user hasn't logged out. This makes perfect sense to me. Where this starts to fall apart is that we do not currently use a membership provider, and so it seems like I face reimplementing all our authentication code to use a membership provider. We currently check authentication in a controller, and make a call to FormsAuthentication.SetAuthCookie() once we know the user exists. It would be a lot of work to force a membership provider in.
Is all this work really neccesary. Can I roll my own key value store of cookie values to logged in users and just make sure I clear this when a user hits the logout button. If this seems unsafe is there a way of implementing a minimal Membership provider in order to make these checks without handing off all authentication code to it?
I guess my main problem here is that we decided a long time ago that the membership provider model doesnt fit with the model we use for locking and unlocking accounts, and chose not to use it. Now we find that the MS recommendations specifically mention a membership provider, and as this is security I need to be sure that not using it as they recommend isn't going to cause troubles.
Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to succesfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability.
What would a malicious user have to do to intercept the HTTPS request and replay it? It this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire?
No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading a image with a malicious URL isn't an issue.
When a user presses Button1 on the Webpage, I would like to copy slightly modified string from txt1 (Text) into txt2 (Text).
The problem is sometimes I get an error "a potentially dangerous request.form value was detected from the client validaterequest". I get this error when special symbols llike "<" or ">" are in txt1.Text.I've read about that problem. That error is to prevent from hackers who can input scripts into the txt1.All I did is:
1) Put validateRequest="false" into <%@ Page Language="VB" validateRequest="false" at Default.aspx.
2) Default.aspx.vb contains now:
sHTMLEncodedString = Server.HtmlEncode(txt1.Text))
[code]....
Now it works and allows to take any data from txt1, slightly modify it and put into txt2.So, my question is: Did a level of security was reduced after I wrote validateRequest="false" ? Any code should be added to keep the good level of security? Or, I'd better use another way to copy txt1 to txt2?
where does following HTTP error message come from:
Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
We're using dynamically generated URLs and in this specific case the URL contains the characters '<' or '>'. We do URL encode the generated URL (so '%3C' appeary instead of '<') but it doesn't Our setup is ASP.NET MVC / IIS 7.5 / IE8. It's strange but it looks like the error appears only on some machines. So it could be that the IE internet zone settings are playing a role.
I have a ASP.NET XML web service (asmx) running on .NET 3.5. I am trying to figure out how best to prevent replay attacks. Is there any inherent security by .NET 3.5 that should mitigate this issue, or do I need some kind of SOAP header token value?
View 1 RepliesI've just started wokring with Asp.Net mvc and i relay love it. One thing I don't know how to do it yet is:
If I want to develope a new user control (e. g. PeoplePicker) how I get the data? I don't want to use allways ajax requests, some controls should be initialized when the page is loaded. So I could use the Html Helpers and create own extension. So far this is exactly what i want and it's working. But now to the real problem. I can't use dependency injection in extension methods (I'm using spring.net, but the problem should be in all di frameworks).
So which approche is the most common to use this problem? Must I realy pass in the data from my controller? But then the controller must know how my user controls works, I don't want that!
Is the DetailsView control generally safe from SQL injection attacks if the EDIT mode is displayed?
View 3 RepliesI am using microsoft visual web developer 2010 to build and publish my website, I am facing a security problem. My website has authentication service for my clients, each one he has his own user name and password. After I introduced a new member, my database collapsed, may be this last member is a hacker. Is their a way to improve security vulnerabilities to prevent future attacks. May be through web.config, could be encrypted.
View 11 RepliesI am using linq and i want secure coding method in c# so the I can prevent database Injection in my site.
View 1 RepliesI want to display the world's top 100 IT giants list up-to-date on my webapge. from where can i get the informaiton? Is it possible to get the RSS feed for this?
View 4 RepliesI want to know how my data could be compromised using a statemnt like SELECT [ID], [item], [price] FROM [Items] where item LIKE '%' + mitem + '%'" what line of could be considered an attack to the data.
View 16 RepliesI've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments.I've used some TextBoxes and TextArea for that.To Prevent XSS:I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).To Prevent SQL-Injection:I'm using Linq To SQL (that should be like parametrized queries I think!).
ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
ArticleID = int.Parse(Request.QueryString["ArticleID"]),
CommentAuthor = Server.HtmlEncode(txtName.Text),
CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("
", "<br />"),
CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
CommentTime = DateTime.Now,
Enabled = false
};
I have a page using an injected BLL service: a simple service returning a set of objects with a function like this:
public IMyService { List<Foo> All(); }
There is a default implementation for normal users.Now, i need that users in administrative role can view more objects, with another implementation of the service.Where can i configure my page to use the second implementation?
My first solution is to put the dependency to the IUnityContainer in the page, and use it to resolve the dependency:
[Dependency]
public IUnityContainer Container { get; set;}
Page_Init(..) [code].....
it's a ServiceLocator and it's neither scalable neither testable.
During the design of a new generic authentication framework for some of our products, I have come across an architectural issue I cannot seem to find a good solution for.I have tried to simplify the problem in order to easily explain it.
The library has two classes:
Manager Is responsible for storing currently authenticated users.Module It is the responsibility for the module to validate each request according to security policies. The Module must ask the manager to determine whether a user is currently authenticated.
Now the manager is supplied an implementation of an interface which allows the manager to load users from a repository. The specific implementation is not contained in this library. Because of this, I cannot directly instantiate an instance of the repository within the library.
I have no way of modifying properties or supplying arguments for the module constructor. So my question is this, how can I give the module a reference to an instance of the Manager?
namespace Demo
{
public interface IRepository
{[code].....
prevent my data from SQL injection. I have replaced ' with '' (single quote with 2 quote) while doing any operation on sql server. tell me what all i need to do , to prevent my application from SQL injection. my application is in asp.net 2.0 i will use parameterized queries but what about my old projects.. i mean what about where i have written a string query and sending it to sql server as a commandtext. can any one insert sql injection even i have replaced ' with ''?
View 3 Replies