I have a textbox which is used for searching the data within the site. What my client wants that,
1)Enter any text in the search field and click the search symbol.
2)The request going to the server using a web proxy tool like "Burp"
3)Append the parameter with the script present as
what happens here is
The XSS script entered by the advesary gets reflected in the response without any input.
I have found a line of code, which might get effected with SQL injection. See the code which is highlighted.
private void SearchResult()
{
DataTable dt;
if (Session["Search"] == null)
{
ResXResourceReader reader = new ResXResourceReader(Server.MapPath("~/App_GlobalResources/Strings.en-US.resx"));
IDictionaryEnumerator id = reader.GetEnumerator();
string sResourceFile = Server.MapPath("~/App_GlobalResources/Strings.en-US.resx");
XmlDocument xmlResource = new XmlDocument();
xmlResource.Load(sResourceFile);
XmlNodeList elmData = xmlResource.SelectNodes("//root/data");
dt = new DataTable();
dt.Columns.Add(new DataColumn("ID", System.Type.GetType("System.String")));
dt.Columns.Add(new DataColumn("Title", System.Type.GetType("System.String")));
dt.Columns.Add(new DataColumn("Description", System.Type.GetType("System.String")));
dt.Columns.Add(new DataColumn("Url", System.Type.GetType("System.String")));
dt.Columns.Add(new DataColumn("Link", System.Type.GetType("System.String")));
foreach (XmlElement element in elmData)
{
DataRow dr = dt.NewRow();
dr["ID"] = element.GetAttribute("name");
//dr["Title"] = element.GetAttribute("name");
XmlNodeList sDescription = element.SelectNodes("value");
dr["Title"] = sDescription.Count > 0 ? sDescription.Item(0).InnerText : string.Empty; ;
dr["Description"] = string.Empty;
XmlNodeList sUrl = element.SelectNodes("comment");
if (sUrl.Count > 0)
{
Int32 sPgTitle = sUrl.Item(0).InnerText.LastIndexOf(".") + 1;
if (sPgTitle > 0)
{
dr["Url"] = sUrl.Item(0).InnerText;
//dr["Url"] = Request.Url.Host.ToLower() + "/rbank/" + sUrl.Item(0).InnerText;
dr["Link"] = string.Empty;
}
else
{
dr["Link"] = sUrl.Item(0).InnerText;
}
dt.Rows.Add(dr);
}
}
DataRow[] drDelete = dt.Select("Link <> ''");
foreach (DataRow drCheck in drDelete)
{
dt.Rows.Remove(drCheck);
}
dt.TableName = "FilterValues";
reader.Close();
Session["Search"] = dt;
}
else
{
dt = Session["Search"] as DataTable;
}
DataView dv = new DataView();
dv.Table = dt;dv.RowFilter = "Description LIKE ('%" + Request.QueryString["tx"].Trim().ToLower() + "%') or Title LIKE ('%" + Request.QueryString["tx"].Trim().ToLower() + "%')";
dv.Sort = "Title ASC";
dgrdPages.DataSource = dv;
dgrdPages.DataBind();
lblSearchWords.Text = Request.QueryString["tx"].Trim();
lblFilesFound.Text = dv.Count.ToString();
}
protected string Url(string sUrl)
{
if (string.IsNullOrEmpty(sUrl) == false)
{
//sUrl = "<a href='" + sUrl + "'> View Page </a>";
sUrl = "<a href='" + Request.Url.GetLeftPart(UriPartial.Authority) + VirtualPathUtility.ToAbsolute("~/") + sUrl + "'> View Page </a>";
}
return String.Format("{0}", sUrl);
}Do let me know if you need anything else related to this.
Can any one help me with this, that it should prevent from getting injected. Any help would be appreciated.