forked from rohitcoderCdefense/vulnCodes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CWE-310.cs
43 lines (41 loc) · 1.41 KB
/
CWE-310.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
con.Open();
string insertQuery = "insert into Table1 (username, password) values (@username, @password)";
SqlCommand com = new SqlCommand(insertQuery, con);
com.Parameters.AddWithValue("@username", TextBox1.Text);
com.Parameters.AddWithValue("@password", GetHash(TextBox2.Text));
com.ExecuteNonQuery();
Response.Write("Registration is successful");
con.Close();
}
public static string GetHash(string text)
{
using (SHA256 sha256Hash = SHA256.Create())
{
byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(text));
StringBuilder builder = new StringBuilder();
for (int i = 0; i < bytes.Length; i++)
{
builder.Append(bytes[i].ToString("x2"));
}
return builder.ToString();
}
}
}