1 file changed +10 -7 lines changed
@@ -18,13 +18,14 @@ namespace VulnerableWebApplication.VLAController
1818 public class VLAController
1919 {
2020 private static string LogFile ;
21+ private const string EncodedIp = "MTAuMTAuMTAuMjU2" ;
2122
2223 public static void SetLogFile ( string logFile )
2324 {
2425 LogFile = logFile ;
2526 }
2627
27- public static object VulnerableHelloWorld ( string FileName = "english" )
28+ public static object VulnerableHelloWorld ( string FileName )
2829 {
2930 /*
3031 Retourne le contenu du fichier correspondant à la langue choisie par l'utilisateur
@@ -191,16 +192,18 @@ Retourne un nouvel Id d'employé
191192
192193 public static async Task < IResult > VulnerableHandleFileUpload ( IFormFile UserFile , string Header )
193194 {
194- /*
195- Permets l'upload de fichier de type SVG
196- */
197- if ( ! Header . Contains ( "10.10.10.256" ) ) return Results . Unauthorized ( ) ;
195+ /*
196+ Permets l'upload de fichier de type SVG
197+ */
198+ var ipBytes = Convert . FromBase64String ( EncodedIp ) ;
199+ var ipString = Encoding . UTF8 . GetString ( ipBytes ) ;
198200
199- if ( UserFile . FileName . EndsWith ( ".svg" ) )
201+ if ( ! Header . Contains ( ipString ) ) return Results . Unauthorized ( ) ;
202+
203+ if ( UserFile . FileName . EndsWith ( ".svg" ) )
200204 {
201205 using var Stream = File . OpenWrite ( UserFile . FileName ) ;
202206 await UserFile . CopyToAsync ( Stream ) ;
203-
204207 return Results . Ok ( UserFile . FileName ) ;
205208 }
206209 else return Results . BadRequest ( ) ;
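Review bot: In VulnerableHandleFileUpload the gate is still `Header.Contains(ipString)`, a substring match on a value the caller supplies, so moving the literal into the Base64 constant `EncodedIp` only hides it from a reader or a string scanner and adds no access control; the decoded value, 10.10.10.256, is also not a valid IPv4 address. Since the project appears to be deliberately vulnerable, I would say so next to the constant, e.g. `// Base64 is obfuscation only; the header check below is intentionally spoofable`, so nobody copies the pattern as a real allow-list. Separately, the unchanged `File.OpenWrite(UserFile.FileName)` writes to a client-chosen path with only an `EndsWith(".svg")` test, and a real handler would derive the stored name server-side, for instance with `Path.GetFileName` and a fixed upload directory. `Encoding` needs `using System.Text;`, which is not visible in this hunk, and the method body continues past the hunk's last line.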