diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 2331d13..8ef8f47 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -9,6 +9,7 @@
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
+import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
@@ -48,8 +49,10 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
+ PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?");
+ pstmt.setString(1, user);
+ pstmt.setString(2, pass);
+ rs=pstmt.executeQuery();
if(rs != null && rs.next()){
HttpSession session=request.getSession();
session.setAttribute("isLoggedIn", "1");
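Review bot: The new `pstmt` and the `ResultSet` it produces are never closed in the visible part of the hunk, so every login attempt holds a statement and cursor open until garbage collection; wrap the statement in try-with-resources, `try (PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?")) { ... }`, and close `rs` inside it. With the Statement no longer created here, the `java.sql.Statement` import kept on the old side may now be unused in this file — worth checking the rest of it. The query also still compares `password=?` against the raw request value, which only works if credentials are stored in clear text; that predates this change but should be tracked as a follow-up (store a salted slow hash and compare against it). processRequest continues outside the hunk.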
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
index afa2f83..7f09ada 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java
@@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
{
Statement stmt = con.createStatement();
- stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
+ stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"',"+stmt.enquoteLiteral(String.valueOf(pass))+",'"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')");
response.sendRedirect("index.jsp");
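Review bot: The new line quotes only `pass` via `stmt.enquoteLiteral`, while `user`, `email`, `about` and `secret` are still concatenated into the same INSERT, and the UserMessages INSERT on the following line still concatenates `user`, so the injection this commit targets remains reachable through those five values and the fix relies on driver-side quoting rather than bound parameters. Replace the users INSERT with a PreparedStatement as below (`java.sql.PreparedStatement` must be imported) and treat the UserMessages INSERT the same way, `values (?,'admin','Hi',...)` with `user` bound through `setString`. `String.valueOf(pass)` on the new side suggests `pass` may not be a String, so that conversion is kept in the bind. Both statements should also be closed with try-with-resources; processRequest continues outside the hunk.
```java
// … unchanged: connection check …
PreparedStatement pstmt = con.prepareStatement(
    "INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret)"
    + " values (?,?,?,?,'default.jpg','user',1,?)");
pstmt.setString(1, user);
pstmt.setString(2, String.valueOf(pass));
pstmt.setString(3, email);
pstmt.setString(4, about);
pstmt.setString(5, secret);
pstmt.executeUpdate();
// … unchanged: UserMessages insert (bind user the same way) and redirect …
```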
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java b/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java
index 8ff5439..428fe3d 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java
@@ -1,5 +1,6 @@
package messageQ;
+import java.sql.PreparedStatement;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;
import com.amazonaws.services.sqs.model.AmazonSQSException;
import com.amazonaws.services.sqs.model.SendMessageBatchRequest;
@@ -33,8 +34,9 @@ List read(){
String getId(string data){
try{
Connection con=DriverManager.getConnection("jdbc:mysql://db.com:3306/core", USER, PASS);
- Statement stmt = con.createStatement();
- rs = stmt.executeQuery("SELECT id FROM t where data = '" + data + "'");
+ PreparedStatement stmt = con.prepareStatement("SELECT id FROM t where data = ?");
+ stmt.setString(1, data);
+ rs = stmt.executeQuery();
return rs.getString("Id");
} catch (Exception exc){
//
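Review bot: `rs.getString("Id")` on the new side is called without first advancing the cursor, so the ResultSet is still positioned before the first row and the call throws SQLException on every lookup, which the catch below then hides; guard it with `if (!rs.next()) { return null; }` (or whatever absent-row value callers expect) before reading the column. The Connection opened on the line above is also never closed on any path, so each call leaks a pooled or socket-backed connection — open it in try-with-resources together with the PreparedStatement. The signature line's parameter type `string` is presumably a typo for `String`, unless it is a project type not visible here. getId continues outside the hunk.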
diff --git a/src/main/webapp/admin/manageusers.jsp b/src/main/webapp/admin/manageusers.jsp
index daac64f..7c59f50 100644
--- a/src/main/webapp/admin/manageusers.jsp
+++ b/src/main/webapp/admin/manageusers.jsp
@@ -1,27 +1,33 @@
<%@ include file="/header.jsp" %>
- <%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.SQLException"%>
<%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%@page import="java.sql.Connection"%>
- <%
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- Statement stmt = con.createStatement();
- if(request.getParameter("delete")!=null)
- {
- String user=request.getParameter("user");
- stmt.executeUpdate("Delete from users where username='"+user+"'");
- }
- %>
-
-
+ "/>
+
+
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
@@ -39,8 +40,12 @@ if(session.getAttribute("isLoggedIn")!=null)
String expirydate=request.getParameter("expirydate");
if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
{
- Statement stmt = con.createStatement();
- stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
+ PreparedStatement pstmt = con.prepareStatement("INSERT into cards(id,cardno, cvv,expirydate) values (?,?,?,?)");
+ pstmt.setString(1, id);
+ pstmt.setString(2, cardno);
+ pstmt.setString(3, cvv);
+ pstmt.setString(4, expirydate);
+ pstmt.executeUpdate();
out.print(" * Card details added *");
}
else
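Review bot: The parameterized INSERT now persists `cvv` as a plain column next to the card number and expiry; the card verification value must not be stored after authorization at all and the PAN needs tokenization or encryption at rest, so this hunk closes the injection but not the data-handling problem — drop the column from the statement, `INSERT into cards(id,cardno,expirydate) values (?,?,?)`, and keep `cvv` only for the in-flight request. `pstmt` is also never closed; `try (PreparedStatement pstmt = con.prepareStatement(...)) { ... }` would release it. The enclosing block starts outside the hunk.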
diff --git a/src/main/webapp/vulnerability/Messages.jsp b/src/main/webapp/vulnerability/Messages.jsp
index fe2c4b9..019f3e8 100644
--- a/src/main/webapp/vulnerability/Messages.jsp
+++ b/src/main/webapp/vulnerability/Messages.jsp
@@ -1,33 +1,29 @@
<%@page import="java.sql.ResultSet"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
- <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
- <%
- if(session.getAttribute("isLoggedIn")!=null)
- {
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- if(con!=null && !con.isClosed())
- {
- Statement stmt = con.createStatement();
- ResultSet rs =null;
- rs=stmt.executeQuery("select * from UserMessages where recipient='"+session.getAttribute("user")+"'");
- out.print("Message: ");
- out.println("");
- while (rs.next())
- {
- out.print("- "+rs.getString("subject")+"
");
-
- }
- out.println("
");
- }
- out.print("
Return to Profile Page >>");
-
- }
- else
- {
- out.print("* Please login to send message");
- }
- %>
-
- <%@ include file="/footer.jsp" %>
\ No newline at end of file
+<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
+<%
+if(session.getAttribute("isLoggedIn")!=null) {
+Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+if(con!=null && !con.isClosed()) {
+String query = "select * from UserMessages where recipient=?";
+PreparedStatement pstmt = con.prepareStatement(query);
+pstmt.setString(1, session.getAttribute("user").toString());
+ResultSet rs = pstmt.executeQuery();
+out.print("Message: ");
+out.println("");
+while (rs.next()) {
+out.print("- ");
+out.print(rs.getString("subject"));
+out.print("
");
+}
+out.println("
");
+}
+out.print("
Return to Profile Page >>");
+}
+else {
+out.print("* Please login to send message");
+}
+%>
+<%@ include file="/footer.jsp" %>
\ No newline at end of file
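Review bot: `session.getAttribute("user").toString()` on the new side throws NullPointerException when `isLoggedIn` is set but `user` is absent, whereas the old concatenation produced the string "null"; if that state can occur, `pstmt.setString(1, String.valueOf(session.getAttribute("user")));` preserves the old behavior, or guard with an explicit null check. Neither `pstmt`, `rs` nor `con` is closed on any path, so the PreparedStatement should be opened in try-with-resources. `rs.getString("subject")` is still written to the response unescaped, so stored content controlled by the sender is rendered as-is in the recipient's browser; encode it at output, which is a separate fix from the parameterization done here.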
diff --git a/src/main/webapp/vulnerability/forumposts.jsp b/src/main/webapp/vulnerability/forumposts.jsp
index e2c7096..c27178d 100644
--- a/src/main/webapp/vulnerability/forumposts.jsp
+++ b/src/main/webapp/vulnerability/forumposts.jsp
@@ -1,30 +1,28 @@
<%@page import="java.sql.ResultSet"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
- <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
- <%
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
-
- String postid=request.getParameter("postid");
- if(postid!=null)
- {
- Statement stmt = con.createStatement();
- ResultSet rs =null;
- rs=stmt.executeQuery("select * from posts where postid="+postid);
- if(rs != null && rs.next())
- {
- out.print("Title:"+rs.getString("title")+"");
- out.print("
- Posted By "+rs.getString("user"));
- out.print("
Content:
"+rs.getString("content"));
- }
- }
- else
- {
- out.print("ID Parameter is Missing");
- }
-
- out.print("
Return to Forum >>");
- %>
-
- <%@ include file="/footer.jsp" %>
\ No newline at end of file
+<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
+<%
+Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+String postid=request.getParameter("postid");
+if(postid!=null)
+{
+PreparedStatement pstmt = con.prepareStatement("select * from posts where postid=?");
+pstmt.setString(1, postid);
+ResultSet rs =null;
+rs=pstmt.executeQuery();
+if(rs != null && rs.next())
+{
+out.print("Title:"+rs.getString("title")+"");
+out.print("
- Posted By "+rs.getString("user"));
+out.print("
Content:
"+rs.getString("content"));
+}
+}
+else
+{
+out.print("ID Parameter is Missing");
+}
+out.print("
Return to Forum >>");
+%>
+<%@ include file="/footer.jsp" %>
\ No newline at end of file
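Review bot: `pstmt.setString(1, postid)` binds the id as a string to `postid=?`, while the old query compared it as a bare number; the driver or database will usually coerce, but the intent is clearer and non-numeric input is rejected up front with `pstmt.setInt(1, Integer.parseInt(postid));`, handling NumberFormatException the way the existing "ID Parameter is Missing" branch does. The same applies to `fileid` in the download_id.jsp hunk. `ResultSet rs = null; rs = pstmt.executeQuery();` can collapse into one declaration, and the `rs != null` check is dead since executeQuery never returns null. Title, user and content are still written to the response unescaped, which this change does not address.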
diff --git a/src/main/webapp/vulnerability/sqli/download_id.jsp b/src/main/webapp/vulnerability/sqli/download_id.jsp
index f0d5d24..12f9877 100644
--- a/src/main/webapp/vulnerability/sqli/download_id.jsp
+++ b/src/main/webapp/vulnerability/sqli/download_id.jsp
@@ -19,9 +19,10 @@
if(fileid!=null && !fileid.equals(""))
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- Statement stmt = con.createStatement();
+ PreparedStatement pstmt = con.prepareStatement("select * from FilesList where fileid=?");
+ pstmt.setString(1, fileid);
ResultSet rs =null;
- rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);
+ rs=pstmt.executeQuery();
if(rs != null && rs.next())
{
@@ -58,6 +59,10 @@
out.print("File Parameter is missing");
}
}
+ catch(SQLException e)
+ {
+ out.print("Oops, Something Went wrong");
+ }
catch(Exception e)
{
out.print("Oops, Something Went wrong");
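Review bot: The added `catch(SQLException e)` has the same body as the `catch(Exception e)` that follows it, so it changes nothing observable and still discards the exception; either remove it or use it to record the failure server-side, e.g. `application.log("download_id: query failed", e);` before printing the generic message (the user-facing text should stay generic). `java.sql.SQLException` must be imported by a page directive outside this hunk for the new clause to compile — not visible here. The enclosing try starts outside the hunk.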