• The code is meant to handle user authentication, but unfortunately, it contains a vulnerability. A bonus vulnerability is also present, can you spot that as well?
  using System;
using System.Data;
using System.Data.SqlClient;
using Microsoft.AspNetCore.Mvc;

public class Clients
{
    public string email { get; set; }
    public string password { get; set; }
}

[HttpPost]
public IActionResult LoginUser([FromBody] Clients model)
{
    var email = model.email;
    var password = model.password;

    string constring = "Data Source=localhost\\sqlexpress;Initial Catalog=testdb;Integrated Security=True";

    var log = "User " + email + " logged in.";

    using (SqlConnection con = new SqlConnection(constring))
    {
        con.Open();
        string query = "INSERT INTO logs (log) values (@log)";
        SqlParameter logParam = new SqlParameter("@log", SqlDbType.NVarChar, 50);
        logParam.Value = log;

        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            SqlDataReader reader = cmd.ExecuteReader();
        }
    }

    using (SqlConnection con = new SqlConnection(constring))
    {
        con.Open();
        string query = "SELECT * FROM clients WHERE email=@email AND password=@password";
        SqlParameter emailParam = new SqlParameter("@email", SqlDbType.NVarChar, 50);
        emailParam.Value = email;
        SqlParameter passwordParam = new SqlParameter("@password", SqlDbType.NVarChar, 50);
        passwordParam.Value = password;

        using (SqlCommand cmd = new SqlCommand(query, con))
        {
            SqlDataReader reader = cmd.ExecuteReader();
            if (reader.HasRows)
            {
                return Content("Login successful");
            }
            else
            {
                return Content("Login unsuccessful");
            }
        }
    }
}
  
  Stay tuned for updates on the solution !!

References