Expand Up @@ -9,6 +9,7 @@
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
Expand Down Expand Up @@ -48,8 +49,10 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?");
pstmt.setString(1, user);
pstmt.setString(2, pass);
rs=pstmt.executeQuery();
if(rs != null && rs.next()){
HttpSession session=request.getSession();
session.setAttribute("isLoggedIn", "1");
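Review bot: The statement and result set opened at `PreparedStatement pstmt = con.prepareStatement(...)` are never closed within the hunk, so every login attempt can leak a handle on the connection; if processRequest does not close them further down (the method continues outside the hunk), wrap them in try-with-resources: `try (PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=?")) { ... }`. The `rs != null` test on the following context line is dead, executeQuery never returns null, so a plain `if (rs.next())` reads more honestly. The query also compares the submitted password directly with the stored column; if the users table holds raw passwords, as the Register INSERT elsewhere in this change suggests, the parameterisation removes the injection but not the credential-storage weakness.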
Expand Up @@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
{

Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"',"+stmt.enquoteLiteral(String.valueOf(pass))+",'"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");

response.sendRedirect("index.jsp");
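Review bot: The INSERT on the changed line still splices `user`, `email`, `about` and `secret` into the SQL text and only the password goes through `enquoteLiteral`, so the injection this commit sets out to remove survives through the other four request parameters, and the second INSERT into UserMessages concatenates `user` as well. Both statements should be prepared with `?` placeholders and bound with setString, which also removes the dependency on enquoteLiteral (a Java 9+ default method on Statement). The rewrite below keeps the constant columns inline and binds only the request-supplied values; `java.sql.PreparedStatement` needs importing if the file does not already do so. processRequest begins and ends outside the hunk, so where `con` is checked and closed is not visible here.
```java
// … unchanged: connection check …
try (PreparedStatement insUser = con.prepareStatement(
        "INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) "
        + "values (?,?,?,?,'default.jpg','user',1,?)");
     PreparedStatement insMsg = con.prepareStatement(
        "INSERT into UserMessages(recipient, sender, subject, msg) "
        + "values (?,'admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')")) {
    insUser.setString(1, user);
    insUser.setString(2, String.valueOf(pass));
    insUser.setString(3, email);
    insUser.setString(4, about);
    insUser.setString(5, secret);
    insUser.executeUpdate();
    insMsg.setString(1, user);
    insMsg.executeUpdate();
}
// … unchanged: response.sendRedirect("index.jsp") …
```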
6 changes: 4 additions & 2 deletions src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java
@@ -1,5 +1,6 @@
package messageQ;

import java.sql.PreparedStatement;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;
import com.amazonaws.services.sqs.model.AmazonSQSException;
import com.amazonaws.services.sqs.model.SendMessageBatchRequest;
Expand Down Expand Up @@ -33,8 +34,9 @@ List<Message> read(){
String getId(string data){
try{
Connection con=DriverManager.getConnection("jdbc:mysql://db.com:3306/core", USER, PASS);
Statement stmt = con.createStatement();
rs = stmt.executeQuery("SELECT id FROM t where data = '" + data + "'");
PreparedStatement stmt = con.prepareStatement("SELECT id FROM t where data = ?");
stmt.setString(1, data);
rs = stmt.executeQuery();
return rs.getString("Id");
} catch (Exception exc){
//
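Review bot: `rs.getString("Id")` on the line after the new `rs = stmt.executeQuery();` reads the result set before `rs.next()` has positioned the cursor on a row, so the driver throws and the surrounding `catch (Exception exc)` with its empty `//` body swallows it; the prepared statement fixes the injection but getId still cannot return an id. Advance the cursor first, `if (rs.next()) { return rs.getString("Id"); }`, and give the catch at least a log line so a failed lookup is visible. The Connection and PreparedStatement opened here are never closed either; try-with-resources on both would fix that. The `string data` parameter type on the unchanged signature line is not a Java type, and the method's tail (what it returns when no row is found) lies outside the hunk.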
40 changes: 23 additions & 17 deletions src/main/webapp/admin/manageusers.jsp
@@ -1,27 +1,33 @@
<%@ include file="/header.jsp" %>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.SQLException"%>
<%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%@page import="java.sql.Connection"%>

<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
Statement stmt = con.createStatement();
if(request.getParameter("delete")!=null)
{
String user=request.getParameter("user");
stmt.executeUpdate("Delete from users where username='"+user+"'");
}
%>
<form action="manageusers.jsp" method="POST">
<%
ResultSet rs=stmt.executeQuery("select * from users where privilege='user'");
while(rs.next())
{
out.print("<input type='radio' name='user' value='"+rs.getString("username")+"'/> "+rs.getString("username")+"<br/>");
}
%>
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
PreparedStatement pstmt = null;
ResultSet rs = null;
if(request.getParameter("delete")!=null)
{
String user=request.getParameter("user");
String query = "Delete from users where username=?";
pstmt = con.prepareStatement(query);
pstmt.setString(1, user);
pstmt.executeUpdate();
}
%>
<form action="manageusers.jsp" method="POST">
<%
String query = "select * from users where privilege='user'";
pstmt = con.prepareStatement(query);
rs = pstmt.executeQuery();
while(rs.next())
{
out.print("<input type='radio' name='user' value='"+rs.getString("username")+"'/> "+rs.getString("username")+"<br/>");
}
%>
<br/>
<input type="submit" value="Delete" name="delete"/>

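Review bot: `pstmt` prepared in the delete branch is overwritten by the later `pstmt = con.prepareStatement(query);` without ever being closed, and neither the second statement, `rs` nor `con` is closed on any path, so each visit to this admin page leaks a statement handle on the connection. Use one try-with-resources per statement, e.g. `try (PreparedStatement del = con.prepareStatement("Delete from users where username=?")) { del.setString(1, user); del.executeUpdate(); }`, and the same for the select, which also removes the shared nullable `pstmt` variable. The delete form posts without the `csrf_token` hidden field that this same change adds to changeCardDetails.jsp; if that token is enforced server-side, a user-deleting admin action deserves the same protection. The username printed into the radio button value and label is still unescaped, though that line is unchanged by this commit.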
13 changes: 9 additions & 4 deletions src/main/webapp/changeCardDetails.jsp
Expand Up @@ -21,8 +21,9 @@ if(session.getAttribute("isLoggedIn")!=null)
<tr><td>Expiry Date:</td><td><input type="text" name="expirydate" value=""/> </td></tr>
<tr><td/><td><input type="submit" name="action" value="add"/></td></tr>
</table>
</form>
<br/>
<input type="hidden" name="csrf_token" value="<%=session.getAttribute("csrf_token")%>"/>
</form>
<br/>
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));

Expand All @@ -39,8 +40,12 @@ if(session.getAttribute("isLoggedIn")!=null)
String expirydate=request.getParameter("expirydate");
if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
{
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
PreparedStatement pstmt = con.prepareStatement("INSERT into cards(id,cardno, cvv,expirydate) values (?,?,?,?)");
pstmt.setString(1, id);
pstmt.setString(2, cardno);
pstmt.setString(3, cvv);
pstmt.setString(4, expirydate);
pstmt.executeUpdate();
out.print("<b style='color:green'> * Card details added *</b>");
}
else
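Review bot: The new INSERT binds `cardno`, `cvv` and `expirydate` exactly as submitted, with only the empty-string test above as validation, so a value of any length or content is persisted, and the PreparedStatement is never closed. Add a format check before preparing (digits only for `cardno` and `cvv`, a parseable month/year for `expirydate`) and wrap the statement in try-with-resources. The first hunk emits a `csrf_token` hidden field, but nothing in the second hunk compares `request.getParameter("csrf_token")` with the session value; if that comparison is not in the lines between the two hunks, the field is inert. The CVV is also written to the database in clear text; if this page models a real payment flow rather than a deliberately vulnerable training target, it should be used once and never stored.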
56 changes: 26 additions & 30 deletions src/main/webapp/vulnerability/Messages.jsp
@@ -1,33 +1,29 @@
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%
if(session.getAttribute("isLoggedIn")!=null)
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
if(con!=null && !con.isClosed())
{
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from UserMessages where recipient='"+session.getAttribute("user")+"'");
out.print("</br></br>Message: </br>");
out.println("<ol>");
while (rs.next())
{
out.print("<li><a href='DisplayMessage.jsp?msgid="+rs.getString("msgid")+" '>"+rs.getString("subject")+"</a></li>");

}
out.println("</ol>");
}
out.print("<br/><br/><a href='"+path+"/myprofile.jsp?id="+session.getAttribute("userid")+"'>Return to Profile Page &gt;&gt;</a>");

}
else
{
out.print("<span style='color:red'>* Please login to send message</span>");
}
%>

<%@ include file="/footer.jsp" %>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%
if(session.getAttribute("isLoggedIn")!=null) {
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
if(con!=null && !con.isClosed()) {
String query = "select * from UserMessages where recipient=?";
PreparedStatement pstmt = con.prepareStatement(query);
pstmt.setString(1, session.getAttribute("user").toString());
ResultSet rs = pstmt.executeQuery();
out.print("</br></br>Message: </br>");
out.println("<ol>");
while (rs.next()) {
out.print("<li><a href='DisplayMessage.jsp?msgid="+rs.getString("msgid")+" '>");
out.print(rs.getString("subject"));
out.print("</a></li>");
}
out.println("</ol>");
}
out.print("<br/><br/><a href='"+path+"/myprofile.jsp?id="+session.getAttribute("userid")+"'>Return to Profile Page &gt;&gt;</a>");
}
else {
out.print("<span style='color:red'>* Please login to send message</span>");
}
%>
<%@ include file="/footer.jsp" %>
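Review bot: `session.getAttribute("user").toString()` on the new `pstmt.setString(1, ...)` line dereferences the attribute without a null check, so a session that has `isLoggedIn` set but no `user` attribute now fails with a NullPointerException where the old concatenation produced a harmless `recipient='null'` query. `pstmt.setString(1, String.valueOf(session.getAttribute("user")));` keeps the old behaviour for that case while still binding the value. The PreparedStatement, ResultSet and Connection are never closed on any path; try-with-resources around the statement and result set would fix that. The `msgid` and `subject` columns are still printed into HTML without escaping, though those lines only change in layout here.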
52 changes: 25 additions & 27 deletions src/main/webapp/vulnerability/forumposts.jsp
@@ -1,30 +1,28 @@
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));

String postid=request.getParameter("postid");
if(postid!=null)
{
Statement stmt = con.createStatement();
ResultSet rs =null;
rs=stmt.executeQuery("select * from posts where postid="+postid);
if(rs != null && rs.next())
{
out.print("<b style='font-size:22px'>Title:"+rs.getString("title")+"</b>");
out.print("<br/>- Posted By "+rs.getString("user"));
out.print("<br/><br/>Content:<br/>"+rs.getString("content"));
}
}
else
{
out.print("ID Parameter is Missing");
}

out.print("<br/><br/><a href='forum.jsp'>Return to Forum &gt;&gt;</a>");
%>

<%@ include file="/footer.jsp" %>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
String postid=request.getParameter("postid");
if(postid!=null)
{
PreparedStatement pstmt = con.prepareStatement("select * from posts where postid=?");
pstmt.setString(1, postid);
ResultSet rs =null;
rs=pstmt.executeQuery();
if(rs != null && rs.next())
{
out.print("<b style='font-size:22px'>Title:"+rs.getString("title")+"</b>");
out.print("<br/>- Posted By "+rs.getString("user"));
out.print("<br/><br/>Content:<br/>"+rs.getString("content"));
}
}
else
{
out.print("ID Parameter is Missing");
}
out.print("<br/><br/><a href='forum.jsp'>Return to Forum &gt;&gt;</a>");
%>
<%@ include file="/footer.jsp" %>
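Review bot: `pstmt.setString(1, postid)` binds the post id as a string although the old query compared it as a bare number, so the comparison now depends on the driver's implicit conversion and non-numeric input reaches the database instead of being rejected up front. Parse and bind it as an integer, `int id = Integer.parseInt(postid); pstmt.setInt(1, id);`, and turn a NumberFormatException into the same "ID Parameter" message the page already prints for a missing id. The same applies to `pstmt.setString(1, fileid)` in download_id.jsp in this change. The `rs != null` check on the following line is dead, executeQuery never returns null, and the statement and result set are never closed.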
9 changes: 7 additions & 2 deletions src/main/webapp/vulnerability/sqli/download_id.jsp
Expand Up @@ -19,9 +19,10 @@
if(fileid!=null && !fileid.equals(""))
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
Statement stmt = con.createStatement();
PreparedStatement pstmt = con.prepareStatement("select * from FilesList where fileid=?");
pstmt.setString(1, fileid);
ResultSet rs =null;
rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);
rs=pstmt.executeQuery();
if(rs != null && rs.next())
{

Expand Down Expand Up @@ -58,6 +59,10 @@
out.print("File Parameter is missing");
}
}
catch(SQLException e)
{
out.print("Oops, Something Went wrong");
}
catch(Exception e)
{
out.print("Oops, Something Went wrong");
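Review bot: The new `catch(SQLException e)` block is redundant: it has the same body as the `catch(Exception e)` that follows, so it only duplicates the message, and both handlers discard the exception, leaving no trace of why a download failed. Either drop the SQLException clause or make it do something distinct, and record the exception in whichever handler remains, e.g. `getServletContext().log("download failed", e);`. The try this belongs to begins before the first hunk, and the first hunk's `pstmt` is never closed within the visible lines.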