Description
https://book.jorianwoltjer.com/languages/c#linq-injection
Language Integrated Query (LINQ) is a Microsoft library for C# used to query objects with a syntax similar to SQL. It does, however, support C# syntax with function calls embedded inside the query string, such as:
```csharp
using System.Linq.Dynamic.Core;

var query = products.AsQueryable();
// User input is interpolated directly into the dynamic expression string.
var response = query.Where($"Name.Contains(\"{showProducts.name}\")");
```
The above inserts user input from `showProducts.name` into the `Where()` call, which without sanitization allows an attacker to escape the `"` (double quote) and rewrite the query. For example:

`X") || 1==1 || "" == ("X`: Shows all products

`X") || 1==2 || "" == ("X`: Empty array
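The interpolated call above next to a parameterized form, as an added example that is not code from the linked page or from this issue. The `Product` record, the `ProductSearch` class and the sample rows are constructed for illustration; the `@0` placeholder with a values argument is the `Where(string predicate, params object[] args)` overload of System.Linq.Dynamic.Core.

```csharp
// Added example. Requires the System.Linq.Dynamic.Core NuGet package.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Dynamic.Core;

public record Product(string Name, decimal Price);

public static class ProductSearch
{
    // Pattern from the issue: the input becomes part of the expression text,
    // so a double quote in it ends the string literal and the rest is parsed as code.
    public static List<Product> SearchInterpolated(IQueryable<Product> query, string name) =>
        query.Where($"Name.Contains(\"{name}\")").ToList();

    // Parameterized: the expression text is a constant and the input is bound
    // as the value of @0, so it is only ever compared as a string.
    public static List<Product> SearchParameterized(IQueryable<Product> query, string name) =>
        query.Where("Name.Contains(@0)", name).ToList();
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var products = new List<Product>
        {
            new("Keyboard", 49m), new("Mouse", 19m), new("Monitor", 199m),
        }.AsQueryable();

        // One ordinary search term plus the two inputs listed in the issue.
        string[] inputs =
        {
            "Mo",
            "X\") || 1==1 || \"\" == (\"X",
            "X\") || 1==2 || \"\" == (\"X",
        };

        foreach (var input in inputs)
        {
            Console.WriteLine($"input: {input}");
            Console.WriteLine($"  interpolated:  {ProductSearch.SearchInterpolated(products, input).Count} row(s)");
            Console.WriteLine($"  parameterized: {ProductSearch.SearchParameterized(products, input).Count} row(s)");
        }
    }
}
```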