Please see the code below:
public ActionResult URLInjection(string id)
{
string connectionString = ConfigurationManager.ConnectionStrings["SQLInjection"].ToString();
using (SqlConnection connection = new SqlConnection(connectionString))
{
try
{
connection.Open()
SqlCommand command = new SqlCommand("select * from SQLInjection.Person WHERE ID = @id", connection);
command.Parameters.Add(new SqlParameter("@id", id));
command.CommandTimeout = 5;
command.ExecuteNonQuery();
using (System.IO.StreamWriter w = System.IO.File.AppendText("C:\\Development\\C#\\SQLInjection\\Log.log"))
{
w.WriteLine("Executed query");
}
Response.Redirect("~/Home/Index");
}
catch (Exception e)
{
//Log the error
}
}
I have deployed it to IIS on my local PC. Please see the SQLMap commands below:
C:\SQLMap\sqlmap.py -u http://localhost/SQLInjection/SQLInjection/URLInjection/1 --dbs --tamper between.py
If I execute this command, then SQLMap returns the names of all the databases on my local server.
If I change the IIS Port binding from 80 to 81 then it does not i.e. if I run the command below (after changing the port from 80 to 81) then it says there are no issues (I have confirmed that it can see the website on port 81):
C:\SQLMap\sqlmap.py -u http://localhost:81/SQLInjection/SQLInjection/URLInjection/1 --dbs --tamper between.py
This appears to indicate that there is a security problem with port 80 on my local development PC.
What could the problem be?
