Demo Controller for MySql Connection to intern db

https://localhost:8443/api/MySqlConnection/checkReachable
Link for check the reachable

code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj

@@ -22,6 +22,7 @@
     <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.0" />
+    <PackageReference Include="MySql.Data" Version="8.3.0" />
     <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
     <PackageReference Include="SerilogTimings" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />

code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs

@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Mvc;
+using MySql.Data.MySqlClient;
+using SerilogTimings;
+using System.Data;
+
+namespace AmIVulnerable.Controllers {
+
+    [Route("api/[controller]")]
+    [ApiController]
+    public class MySqlConnectionController : ControllerBase {
+
+        private readonly IConfiguration Configuration;
+
+        public MySqlConnectionController(IConfiguration configuration) {
+            Configuration = configuration;
+        }
+
+        [HttpGet, Route("checkReachable")]
+        public IActionResult PingWithDb() {
+            using (Operation.Time("TaskDuration")) {
+                try {
+                    MySqlConnection c = new MySqlConnection(Configuration["ConnectionStrings:cvedb"]);
+
+                    MySqlCommand cmd = new MySqlCommand("SELECT * FROM cve", c);
+
+                    c.Open();
+                    MySqlDataReader reader = cmd.ExecuteReader();
+                    DataTable dataTable = new DataTable();
+                    dataTable.Load(reader);
+                    reader.Close();
+                    c.Close();
+
+                    string r = "";
+                    foreach (DataRow row in dataTable.Rows) {
+                        foreach (object? item in row.ItemArray) {
+                            r += item;
+                        }
+                    }
+
+                    return Ok(r);
+                }
+                catch (Exception ex) {
+                    return BadRequest(ex.ToString());
+                }
+            }
+        }
+    }
+}

code/AmIVulnerable/AmIVulnerable/Program.cs

@@ -17,11 +17,11 @@ public static void Main (string[] args) {
 
             WebApplication app = builder.Build();
 
-            // Configure the HTTP request pipeline.
-            if (app.Environment.IsDevelopment()) {
+            //// Configure the HTTP request pipeline.
+            //if (app.Environment.IsDevelopment()) {
                 app.UseSwagger();
                 app.UseSwaggerUI();
-            }
+            //}
 
             Log.Logger = new LoggerConfiguration()
                 .MinimumLevel.Debug()
@@ -33,11 +33,13 @@ public static void Main (string[] args) {
                     )
                 .CreateLogger();
 
+            // Allow CORS
+            app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin());
+
             app.UseHttpsRedirection();
 
             app.UseAuthorization();
 
-
             app.MapControllers();
 
             app.Run();

code/AmIVulnerable/AmIVulnerable/appsettings.json

@@ -5,5 +5,8 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "ConnectionStrings": {
+    "essenskasse": "Server=amivulnerable_db;Port=3306;Uid=u;Pwd=p;Database=cve;SslMode=None;"
+  }
 }