Vulnerability fix (powered by Mobb Autofixer)

src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java

@@ -6,6 +6,7 @@
 
 package org.cysecurity.cspf.jvl.controller;
 
+import java.sql.PreparedStatement;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.Connection;
@@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
                     if(con!=null && !con.isClosed())
                                {
                                    ResultSet rs=null;
-                                   Statement stmt = con.createStatement();  
-                                   rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
+                                   PreparedStatement stmt = con.prepareStatement("select * from users where username=? and password='"+pass+"'");  
+                                   stmt.setString(1, user);
+                                   rs=stmt.executeQuery();
                                    if(rs != null && rs.next()){
                                    HttpSession session=request.getSession();
                                    session.setAttribute("isLoggedIn", "1");

src/main/java/org/cysecurity/cspf/jvl/controller/Register.java

@@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
                                {
 
                                    Statement stmt = con.createStatement();  
-                                  stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
+                                  stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,"+stmt.enquoteLiteral(String.valueOf(secret))+")");
                                        stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");
 
                                     response.sendRedirect("index.jsp");

src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java

@@ -6,6 +6,7 @@
 
 package org.cysecurity.cspf.jvl.controller;
 
+import java.sql.PreparedStatement;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.Connection;
@@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
                 if(con!=null && !con.isClosed())
                 {
                     ResultSet rs=null;
-                    Statement stmt = con.createStatement();  
-                    rs=stmt.executeQuery("select * from users where username='"+user+"'");
+                    PreparedStatement stmt = con.prepareStatement("select * from users where username=?");  
+                    stmt.setString(1, user);
+                    rs=stmt.executeQuery();
                     if (rs.next()) 
                     {  
                      json.put("available", "1");