diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 2331d13..068314f 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -6,6 +6,7 @@
package org.cysecurity.cspf.jvl.controller;
+import java.sql.PreparedStatement;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
@@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
+ PreparedStatement stmt = con.prepareStatement("select * from users where username='"+user+"' and password=?");
+ stmt.setString(1, pass);
+ rs=stmt.executeQuery();
if(rs != null && rs.next()){
HttpSession session=request.getSession();
session.setAttribute("isLoggedIn", "1");
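Review bot: The username is still concatenated into the query on the new `con.prepareStatement(...)` line, so only the password half of this login lookup is parameterized and the original injection point via `user` remains. Bind both values: `PreparedStatement stmt = con.prepareStatement("select * from users where username=? and password=?");` then `stmt.setString(1, user);` and `stmt.setString(2, pass);`. That also brings the servlet in line with adminlogin.jsp in the same commit, which binds both columns. processRequest starts and ends outside this hunk.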
diff --git a/src/main/webapp/admin/adminlogin.jsp b/src/main/webapp/admin/adminlogin.jsp
index 9d5b46f..ba30ec4 100644
--- a/src/main/webapp/admin/adminlogin.jsp
+++ b/src/main/webapp/admin/adminlogin.jsp
@@ -15,8 +15,10 @@ if(request.getParameter("Login")!=null)
if(con!=null && !con.isClosed())
{
ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'");
+ PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and password=? and privilege='admin'");
+ pstmt.setString(1, user);
+ pstmt.setString(2, pass);
+ rs=pstmt.executeQuery();
if(rs != null && rs.next()){
session.setAttribute("isLoggedIn", "1");
session.setAttribute("userid", rs.getString("id"));
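Review bot: Neither `pstmt` nor `rs` is closed on any path in the new lines, and the same pattern appears in LoginValidator.java, myprofile.jsp, DisplayMessage.jsp, UserDetails.jsp, change-email.jsp and download_id_union.jsp in this commit; a prepared statement per request that is never closed holds a server-side cursor until the connection is garbage-collected. If the container compiles JSPs as Java 7 or later, `try (PreparedStatement pstmt = con.prepareStatement("...")) { ... }` with the result-set handling inside the block is the smallest fix; otherwise close both in a `finally`. The enclosing scriptlet starts and ends outside this hunk.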
diff --git a/src/main/webapp/changeCardDetails.jsp b/src/main/webapp/changeCardDetails.jsp
index ca164c7..76ae241 100644
--- a/src/main/webapp/changeCardDetails.jsp
+++ b/src/main/webapp/changeCardDetails.jsp
@@ -1,11 +1,5 @@
<%@ include file="/header.jsp" %>
- <%@page import="java.sql.Connection"%>
-<%@page import="java.sql.Statement"%>
-<%@page import="java.sql.SQLException"%>
-
-<%@page import="java.sql.ResultSetMetaData"%>
-<%@page import="java.sql.ResultSet"%>
-<%@ page import="java.util.*,java.io.*"%>
+<%@ page import="java.sql.Connection,java.sql.PreparedStatement,java.sql.SQLException"%>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
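Review bot: The consolidated `<%@ page import=...%>` on the new line drops `java.util.*`, `java.io.*`, `ResultSet` and `ResultSetMetaData`; nothing in this commit's hunks for changeCardDetails.jsp uses them, but the rest of the page is outside the diff, so confirm the page still compiles after the removal. The import consolidation itself is otherwise fine.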
@@ -24,38 +18,37 @@ if(session.getAttribute("isLoggedIn")!=null)
<%
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
-
- String id=session.getAttribute("userid").toString(); //Gets User ID
- String action=request.getParameter("action");
- try
- {
-
- if(action!=null && action.equalsIgnoreCase("add") )
+ Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+ String id=session.getAttribute("userid").toString(); //Gets User ID
+ String action=request.getParameter("action");
+ try
{
-
- String cardno=request.getParameter("cardno");
- String cvv=request.getParameter("cvv");
- String expirydate=request.getParameter("expirydate");
- if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
- {
- Statement stmt = con.createStatement();
- stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
- out.print(" * Card details added *");
- }
- else
+ if(action!=null && action.equalsIgnoreCase("add") )
{
- out.print("* Please Fill all the details * ");
+ String cardno=request.getParameter("cardno");
+ String cvv=request.getParameter("cvv");
+ String expirydate=request.getParameter("expirydate");
+ if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
+ {
+ PreparedStatement pstmt = con.prepareStatement("INSERT into cards(id,cardno, cvv,expirydate) values (?,?,?,?)");
+ pstmt.setString(1, id);
+ pstmt.setString(2, cardno);
+ pstmt.setString(3, cvv);
+ pstmt.setString(4, expirydate);
+ pstmt.executeUpdate();
+ out.print(" * Card details added *");
+ }
+ else
+ {
+ out.print("* Please Fill all the details * ");
+ }
}
+ out.print("
Return to Profile Page >>");
}
-
- out.print("
Return to Profile Page >>");
-
+ catch(SQLException e)
+ {
+ out.print(e);
}
- catch(Exception e)
- {
- out.print(e);
- }
}
else
{
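Review bot: Narrowing the handler from `catch(Exception e)` to `catch(SQLException e)` lets a NullPointerException escape from the retained `!cardno.equals("")` check whenever the `cardno`, `cvv` or `expirydate` parameter is absent from the request (`request.getParameter` returns null); previously that was swallowed, now it surfaces as an unhandled error page. Guard the parameters before comparing: `if(cardno!=null && cvv!=null && expirydate!=null && !cardno.isEmpty() && !cvv.isEmpty() && !expirydate.isEmpty())`. Separately, `out.print(e)` writes the raw SQLException text into the response, whereas download_id_union.jsp in this commit prints a generic message; using the same generic message here keeps driver and schema details out of the page. The enclosing `if(session.getAttribute("isLoggedIn")!=null)` block starts and ends outside this hunk.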
diff --git a/src/main/webapp/myprofile.jsp b/src/main/webapp/myprofile.jsp
index d9eb99d..91eea98 100644
--- a/src/main/webapp/myprofile.jsp
+++ b/src/main/webapp/myprofile.jsp
@@ -1,6 +1,6 @@
<%@ include file="/header.jsp" %>
<%@page import="java.sql.Connection"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.ResultSetMetaData"%>
@@ -16,29 +16,32 @@ if(session.getAttribute("isLoggedIn")!=null)
String id=request.getParameter("id");
if(id!=null && !id.equals(""))
{
- Statement stmt = con.createStatement();
- ResultSet rs =null;
- rs=stmt.executeQuery("select * from users where id="+id);
- if(rs != null && rs.next())
- {
- out.print("UserName : "+rs.getString("username")+"
");
- out.print("Email : "+rs.getString("email")+"
");
- out.print("About : "+rs.getString("about")+"
");
-
- //Getting Card Details:
- ResultSet rs1=stmt.executeQuery("select * from cards where id="+id);
- if(rs1 != null && rs1.next())
- {
- out.print("
-------------------
Card Details:
-------------------
");
- out.print("Card Number: "+rs1.getString("cardno")+"
");
- out.print("CVV: "+rs1.getString("cvv")+"
");
- out.print("Expiry Date: "+rs1.getString("expirydate")+"
");
- }
- else
- {
- out.print("
No Card Details Found: Add Card
");
- }
- }
+ PreparedStatement pstmt = con.prepareStatement("select * from users where id=?");
+ pstmt.setString(1, id);
+ ResultSet rs =null;
+ rs=pstmt.executeQuery();
+ if(rs != null && rs.next())
+ {
+ out.print("UserName : "+rs.getString("username")+"
");
+ out.print("Email : "+rs.getString("email")+"
");
+ out.print("About : "+rs.getString("about")+"
");
+
+ //Getting Card Details:
+ PreparedStatement pstmt1 = con.prepareStatement("select * from cards where id=?");
+ pstmt1.setString(1, id);
+ ResultSet rs1=pstmt1.executeQuery();
+ if(rs1 != null && rs1.next())
+ {
+ out.print("
-------------------
Card Details:
-------------------
");
+ out.print("Card Number: "+rs1.getString("cardno")+"
");
+ out.print("CVV: "+rs1.getString("cvv")+"
");
+ out.print("Expiry Date: "+rs1.getString("expirydate")+"
");
+ }
+ else
+ {
+ out.print("
No Card Details Found: Add Card
");
+ }
+ }
}
else
{
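Review bot: `id` is bound with `pstmt.setString(1, id)` on the new lines although the removed code concatenated it unquoted (`where id="+id`), which suggests a numeric column; some drivers convert implicitly, but parsing it is cleaner and rejects garbage input early, e.g. `pstmt.setInt(1, Integer.parseInt(id));` with a `NumberFormatException` handled alongside the page's existing error handling. The same applies to `pstmt1` below, to `msgid` in DisplayMessage.jsp, to `id` in change-email.jsp and to `fileid` in download_id_union.jsp. Note also that the profile shown, including card number and CVV, is selected by the request's `id` parameter rather than the session's `userid`; if this page is meant to show only the caller's own data, the session value should be used, as changeCardDetails.jsp does. The surrounding scriptlet starts and ends outside this hunk.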
diff --git a/src/main/webapp/vulnerability/DisplayMessage.jsp b/src/main/webapp/vulnerability/DisplayMessage.jsp
index dfad1d0..18dc173 100644
--- a/src/main/webapp/vulnerability/DisplayMessage.jsp
+++ b/src/main/webapp/vulnerability/DisplayMessage.jsp
@@ -1,46 +1,35 @@
<%@page import="java.sql.ResultSet"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
- <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
- <%
- if(session.getAttribute("isLoggedIn")!=null)
- {
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- if(con!=null && !con.isClosed())
- {
- if(request.getParameter("msgid")!=null)
- {
- Statement stmt = con.createStatement();
- ResultSet rs =null;
- rs=stmt.executeQuery("select * from UserMessages where msgid="+request.getParameter("msgid"));
- if(rs.next())
- {
- out.print("Sender: "+rs.getString("sender"));
- out.print("
Subject:"+rs.getString("subject"));
- out.print("
Message:
"+rs.getString("msg"));
- }
- else
- {
- out.print("No Message Found");
- }
- }
- else
- {
- out.print("Message Id Parameter is missing");
-
- }
- out.print("
Return to Messages >>");
-
- out.print("
Return to Profile Page >>");
-
- }
-
- }
- else
- {
- out.print("* Please login to send message");
- }
- %>
-
- <%@ include file="/footer.jsp" %>
\ No newline at end of file
+<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
+<%
+if(session.getAttribute("isLoggedIn")!=null) {
+Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+if(con!=null && !con.isClosed()) {
+if(request.getParameter("msgid")!=null) {
+PreparedStatement pstmt = con.prepareStatement("select * from UserMessages where msgid=?");
+pstmt.setString(1, request.getParameter("msgid"));
+ResultSet rs =null;
+rs=pstmt.executeQuery();
+if(rs.next()) {
+out.print("Sender: "+rs.getString("sender"));
+out.print("
Subject:"+rs.getString("subject"));
+out.print("
Message:
"+rs.getString("msg"));
+}
+else {
+out.print("No Message Found");
+}
+}
+else {
+out.print("Message Id Parameter is missing");
+}
+out.print("
Return to Messages >>");
+out.print("
Return to Profile Page >>");
+}
+}
+else {
+out.print("* Please login to send message");
+}
+%>
+<%@ include file="/footer.jsp" %>
\ No newline at end of file
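Review bot: The rewritten scriptlet puts every line at column 0, so four levels of nesting (`isLoggedIn`, the `con` check, the `msgid` check, `rs.next()`) can only be followed by counting braces; the removed version was indented and the other pages in this commit keep theirs, so re-indent the new block before merge (UserDetails.jsp has the same problem). `msgid` is bound with `setString` even though the old query used it unquoted, which suggests a numeric column; `pstmt.setInt(1, Integer.parseInt(request.getParameter("msgid")));` with `NumberFormatException` handling is the typed form. The lookup is by `msgid` alone; if messages are private to a recipient, the query should also constrain on the session user, which I cannot confirm from the visible schema.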
diff --git a/src/main/webapp/vulnerability/UserDetails.jsp b/src/main/webapp/vulnerability/UserDetails.jsp
index d7a1043..46cc8be 100644
--- a/src/main/webapp/vulnerability/UserDetails.jsp
+++ b/src/main/webapp/vulnerability/UserDetails.jsp
@@ -1,34 +1,31 @@
<%@page import="java.sql.ResultSet"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.Connection"%>
<%@ include file="/header.jsp" %>
- <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
- <%
- Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- String username=request.getParameter("username");
- if(username!=null && !username.equals(""))
- {
- Statement stmt = con.createStatement();
- ResultSet rs =null;
- rs=stmt.executeQuery("select * from users where username='"+username+"'");
- if(rs != null && rs.next())
- {
- out.print("
About "+rs.getString("username")+":
"+rs.getString("about"));
-
- }
-
- if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username))
- {
- out.print("
");
- out.print("Send Message to "+username+"");
- }
- }
- else
- {
- out.print("Username Parameter is Missing");
- }
-
- out.print("
Return to Forum >>");
- %>
-
- <%@ include file="/footer.jsp" %>
\ No newline at end of file
+<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
+<%
+Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
+String username=request.getParameter("username");
+if(username!=null && !username.equals(""))
+{
+PreparedStatement pstmt = con.prepareStatement("select * from users where username=?");
+pstmt.setString(1, username);
+ResultSet rs =null;
+rs=pstmt.executeQuery();
+if(rs != null && rs.next())
+{
+out.print("
About "+rs.getString("username")+":
"+rs.getString("about"));
+}
+if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username))
+{
+out.print("
");
+out.print("Send Message to "+username+"");
+}
+}
+else
+{
+out.print("Username Parameter is Missing");
+}
+out.print("
Return to Forum >>");
+%>
+<%@ include file="/footer.jsp" %>
\ No newline at end of file
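Review bot: The new code never checks that `con` is non-null before `con.prepareStatement(...)`, unlike DisplayMessage.jsp and adminlogin.jsp in the same commit, which wrap the lookup in `if(con!=null && !con.isClosed())`; a failed DBConnect here surfaces as a NullPointerException instead of a handled path, so add the same guard around the lookup. The `username` request parameter is also written back into the page on the `Send Message to` line as-is (as far as the stripped markup shows); HTML-encoding it on output is the defensive default. As in DisplayMessage.jsp, the rewritten block dropped all indentation and should be re-indented.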
diff --git a/src/main/webapp/vulnerability/idor/change-email.jsp b/src/main/webapp/vulnerability/idor/change-email.jsp
index 0dd3c34..2bd8bd1 100644
--- a/src/main/webapp/vulnerability/idor/change-email.jsp
+++ b/src/main/webapp/vulnerability/idor/change-email.jsp
@@ -1,6 +1,6 @@
<%@ include file="/header.jsp" %>
<%@page import="java.sql.Connection"%>
-<%@page import="java.sql.Statement"%>
+<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.ResultSetMetaData"%>
@@ -28,8 +28,10 @@ if(session.getAttribute("isLoggedIn")!=null)
String id=request.getParameter("id");
if(email!=null && !email.equals("") && id!=null)
{
- Statement stmt = con.createStatement();
- stmt.executeUpdate("Update users set email='"+email+"' where id="+id);
+ PreparedStatement pstmt = con.prepareStatement("Update users set email=? where id=?");
+ pstmt.setString(1, email);
+ pstmt.setString(2, id);
+ pstmt.executeUpdate();
out.print("email Changed");
}
diff --git a/src/main/webapp/vulnerability/sqli/download_id_union.jsp b/src/main/webapp/vulnerability/sqli/download_id_union.jsp
index 9cbbdc2..2cd1b93 100644
--- a/src/main/webapp/vulnerability/sqli/download_id_union.jsp
+++ b/src/main/webapp/vulnerability/sqli/download_id_union.jsp
@@ -19,16 +19,16 @@
if(fileid!=null && !fileid.equals(""))
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
- Statement stmt = con.createStatement();
+ PreparedStatement pstmt = con.prepareStatement("select * from FilesList where fileid=?");
+ pstmt.setString(1, fileid);
ResultSet rs =null;
- rs=stmt.executeQuery("select * from FilesList where fileid="+fileid);
+ rs=pstmt.executeQuery();
if(rs != null && rs.next())
{
int BUFSIZE = 4096;
String filePath=rs.getString("path");
-
- File file = new File(getServletContext().getRealPath(path));
+ File file = new File(getServletContext().getRealPath(path));
file = new File(file.getParent()+filePath);
int length = 0;
ServletOutputStream outStream = response.getOutputStream();
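Review bot: This file's diff contains no import change, yet the new lines use `PreparedStatement` (and the second hunk adds `SQLException`); unless the page already imports `java.sql.*` or those classes outside the shown hunks, the JSP will not compile, whereas every other page in this commit received an import hunk. The `fileid` binding has the same numeric-column question raised for myprofile.jsp. The enclosing try block starts and ends outside this hunk.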
@@ -58,6 +58,10 @@
out.print("File Parameter is missing");
}
}
+ catch(SQLException e)
+ {
+ out.print("Oops, Something Went wrong");
+ }
catch(Exception e)
{
out.print("Oops, Something Went wrong");
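Review bot: The added `catch(SQLException e)` has exactly the same body as the `catch(Exception e)` that follows it, so it changes nothing at runtime and only adds a branch to maintain. Either drop it, or make the specific handler useful by recording the failure server-side while keeping the generic client message, e.g. `log("file download query failed", e);` before the existing `out.print(...)`; the page-level `log(String, Throwable)` is available to JSPs through the servlet base class.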