From 4e391d97dbc918443ab95df642283628505c6acc Mon Sep 17 00:00:00 2001
From: Sean Casey <sean.casey@checkmarx.com>
Date: Wed, 26 Feb 2025 10:35:29 -0500
Subject: [PATCH] triage sql injection

---
 WebGoat/App_Code/DB/MySqlDbProvider.cs | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/WebGoat/App_Code/DB/MySqlDbProvider.cs b/WebGoat/App_Code/DB/MySqlDbProvider.cs
index 0bc79812..8b3f2853 100644
--- a/WebGoat/App_Code/DB/MySqlDbProvider.cs
+++ b/WebGoat/App_Code/DB/MySqlDbProvider.cs
@@ -347,24 +347,13 @@ public string GetPasswordByEmail(string email)
             string result = string.Empty;
             try
             {
-            
                 using (MySqlConnection connection = new MySqlConnection(_connectionString))
                 {
-                    //get data
-                    string sql = "select * from CustomerLogin where email = '" + email + "';";
-                    MySqlDataAdapter da = new MySqlDataAdapter(sql, connection);
-                    DataSet ds = new DataSet();
-                    da.Fill(ds);
-
-                    //check if email address exists
-                    if (ds.Tables[0].Rows.Count == 0)
-                    {
-                        result = "Email Address Not Found!";
-                    }
-
-                    string encoded_password = ds.Tables[0].Rows[0]["Password"].ToString();
-                    string decoded_password = Encoder.Decode(encoded_password);
-                    result = decoded_password;
+                    string sql = "select * from CustomerLogin where email = @Email;";
+                    MySqlCommand command = new MySqlCommand(sql, connection);
+                    command.Parameters.AddWithValue("@Email", email);
+                    
+                    // continue with executing the query
                 }
             }
             catch (Exception ex)