jbruinaud
commented
4 years ago Issue still exists.
SUMMARY
Issue has total 2 vulnerabilities left to be fix (Please scroll to the top for more information)
Open jbruinaud opened 4 years ago
jbruinaud
commented
4 years ago Issue still exists.
Issue has total 2 vulnerabilities left to be fix (Please scroll to the top for more information)
Heuristic_SQL_Injection issue exists @ App_Code/DB/MySqlDbProvider.cs in branch master
The application's ButtonCheckEmail_Click method executes an SQL query with GetSecurityQuestionAndAnswer, at line 26 of WebGoatCoins\ForgotPassword.aspx.cs. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly. This apparent database access is seemingly encapsulated in an external component or API. Thus, it seems that the attacker might be able to inject arbitrary data into the SQL query, by altering the user input row, which is read by the GetSecurityQuestionAndAnswer method, at line 319 of App_Code\DB\MySqlDbProvider.cs. This input then flows through the code to the external API, and from there to a database server, apparently without sanitization. This may enable an SQL Injection attack, based on heuristic analysis.
Severity: Low
CWE:89
Checkmarx
Lines: 337 338
Code (Line #337):
Code (Line #338):