DVWATEST/SQLi.cs at master · WoznicaOliver/DVWATEST · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System;
using System.Data.SqlClient;

namespace WebFox.Controllers
{
    [ApiController]
    [Route("[controller]")]
    public class Sqli : ControllerBase
    {

        private readonly ILogger<Sqli> _logger;

        public Sqli(ILogger<Sqli> logger)
        {
            _logger = logger;
        }


        [HttpGet("{id}")]
        public string DoSqli(string id)
        {
            string conString = "I AM a connection String";
            using (SqlCommand cmd = new SqlCommand("SELECT * FROM users WHERE userId = '" + id + "'"))
            {
                using (SqlConnection con = new SqlConnection(conString))
                {
                    con.Open();
                    cmd.Connection = con;
                    SqlDataReader reader = cmd.ExecuteReader();
                    string res = "";
                    while (reader.Read())
                    {
                        res += reader["userName"];
                    }
                    return res;
                }
            }
        }
    }
}