Auth review

Aif4thah · Aif4thah · commit 0fe451c03a2b · 2024-09-30T08:26:15.000+02:00
diff --git a/Identity/VLAIdentity.cs b/Identity/VLAIdentity.cs
@@ -30,9 +30,7 @@ public static async Task<object> VulnerableQuery(string User, string Passwd)
         {
             /*
             Authentifie les utilisateurs par login et mot de passe, et renvoie un token JWT si l'authentification a réussi
-            */
-            
-            bool IsAdmin = false;
+            */          
             SHA256 Sha256Hash = SHA256.Create();
             byte[] Bytes = Sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(Passwd));
             StringBuilder stringbuilder = new StringBuilder();
@@ -41,10 +39,10 @@ public static async Task<object> VulnerableQuery(string User, string Passwd)
 
             VLAController.VLAController.VulnerableLogs("login attempt for:\n" + User + "\n" + Passwd + "\n", LogFile);
             var DataSet = VLAModel.Data.GetDataSet();
-            var Result = DataSet.Tables[0].Select("Passwd = '" + Hash + "' and User = '" + User + "'");            
-            if( DataSet.Tables[0].Select("User = '" + User.Replace("'", "''") + "' and IsAdmin = 1" ).Length > 0) IsAdmin = true;
+            var Result = DataSet.Tables[0].Select("Passwd = '" + Hash + "' and User = '" + User + "'");
+            var userRow = DataSet.Tables[0].AsEnumerable().FirstOrDefault(row => row.Field<string>("User") == User && row.Field<int>("IsAdmin") == 1);
 
-            return Result.Length > 0 ? Results.Ok(VulnerableGenerateToken(User, IsAdmin)) : Results.Unauthorized();
+            return Result.Length > 0 ? Results.Ok(VulnerableGenerateToken(User, userRow != null)) : Results.Unauthorized();
         }
 
         public static string VulnerableGenerateToken(string User, bool IsAdmin)
diff --git a/Model/Model.cs b/Model/Model.cs
@@ -43,7 +43,7 @@ Contenu de la BDD relationnelle (Utilisateurs)
             table.Columns.Add("User", typeof(string));
             table.Columns.Add("Passwd", typeof(string));
             table.Columns.Add("IsAdmin", typeof(int));
-            table.Rows.Add("User", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 0);
+            table.Rows.Add("user", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 0);
             table.Rows.Add("root", "ce5ca673d13b36118d54a7cf13aeb0ca012383bf771e713421b4d1fd841f539a", 1);
             table.Rows.Add("admin", "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a444", 1);
             table.Rows.Add("Alice", "9b510b4af0d9b121f68d5a3400975047cbf38f963963b4c7510842d9d6310e7f", 0);
diff --git a/SECURITY.md b/SECURITY.md
@@ -5,7 +5,7 @@ Run it at your own risk.
 
 ## Tracability
 
-A simple way to keep some logs is to redirect console output in a file :
+A simple way to keep some logs is to redirect console output into a file :
 
 ```powershell
 .\VulnerableWebApplication.exe >> C:\Users\<UserName>\log.txt
