Expand Up @@ -124,7 +124,7 @@ protected boolean setup(String i) throws IOException
{
//User Table creation
stmt.executeUpdate("Create table users(ID int NOT NULL AUTO_INCREMENT, username varchar(30),email varchar(60), password varchar(60), about varchar(50),privilege varchar(20),avatar TEXT,secretquestion int,secret varchar(30),primary key (id))");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('"+adminuser+"','"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ("+stmt.enquoteLiteral(String.valueOf(adminuser))+",'"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('victim','victim','victim@localhost','I am the victim of this application','default.jpg','user',1,'max')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('attacker','attacker','attacker@localhost','I am the attacker of this application','default.jpg','user',1,'bella')");
stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('NEO','trinity','neo@matrix','I am the NEO','default.jpg','user',1,'sentinel')");
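Review bot: On the added line `adminpass` is still concatenated raw into the INSERT while only `adminuser` was wrapped in `enquoteLiteral`, so a single quote in the configured admin password still breaks or alters the statement; both values should be bound rather than quoted. One replacement for the line: `PreparedStatement ps = stmt.getConnection().prepareStatement("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values (?,?,'admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')");` followed by `ps.setString(1, adminuser); ps.setString(2, adminpass); ps.executeUpdate();`. Note that `Statement.enquoteLiteral` is a JDBC 4.3 (Java 9+) API whose default escaping is generic quote-doubling unless the driver overrides it, and that `String.valueOf(adminuser)` silently turns a missing value into the literal username `null` — a bind parameter avoids both. Where `adminuser`/`adminpass` are populated is not in view, and `setup(...)` begins and ends outside the hunk.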
Expand Up @@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
{

Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"',"+stmt.enquoteLiteral(String.valueOf(email))+",'"+about+"','default.jpg','user',1,'"+secret+"')");
stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");

response.sendRedirect("index.jsp");
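Review bot: The added line parameterizes only `email`; `user`, `pass`, `about` and `secret` are still concatenated into the same INSERT, and `user` is concatenated again into the UserMessages INSERT on the next line, so the registration path remains injectable from what are presumably request parameters (the enclosing `processRequest` takes an `HttpServletRequest`; how these locals are populated is outside the hunk). Replace both statements with PreparedStatements and drop the `Statement stmt` line; `java.sql.PreparedStatement` must also be imported at the top of the file, which is not in view. Storing `pass` in plaintext is unchanged from before and may be intentional in this lab application, so I am not raising it here.
```java
// … unchanged: connection setup …
PreparedStatement ins = con.prepareStatement("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values (?,?,?,?,'default.jpg','user',1,?)");
ins.setString(1, user);
ins.setString(2, pass);
ins.setString(3, email);
ins.setString(4, about);
ins.setString(5, secret);
ins.executeUpdate();
PreparedStatement msg = con.prepareStatement("INSERT into UserMessages(recipient, sender, subject, msg) values (?,'admin','Hi','Hi<br/> This is admin of this page. <br/> Welcome to Our Forum')");
msg.setString(1, user);
msg.executeUpdate();
// … unchanged: redirect to index.jsp …
```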
8 changes: 5 additions & 3 deletions src/main/webapp/ForgotPassword.jsp
@@ -1,6 +1,6 @@

<%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Connection"%>
<%@ include file="header.jsp" %>
Expand Down Expand Up @@ -38,8 +38,10 @@ if(request.getParameter("secret")!=null)
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and secret=?");
pstmt.setString(1, request.getParameter("username").trim());
pstmt.setString(2, request.getParameter("secret"));
rs=pstmt.executeQuery();
if(rs != null && rs.next()){
out.print("Hello "+rs.getString("username")+", <b class='success'> Your Password is: "+rs.getString("password"));
}
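Review bot: `request.getParameter("username").trim()` on the new `setString(1, …)` line dereferences a possibly absent parameter — the enclosing guard only checks that `secret` is non-null — so a request carrying `secret` without `username` throws a NullPointerException inside the JSP; read it into a local and null-check it first. Neither the new `pstmt` nor `rs` (nor `con`, opened two lines above) is closed on any path; the project already uses Java 9 APIs (`enquoteLiteral` elsewhere in this PR), so try-with-resources is available. Echoing the stored password back on the following `out.print` line is pre-existing and presumably the lesson this page teaches, so I leave it aside. The `if(request.getParameter("secret")!=null)` block begins outside the hunk.
```jsp
String username = request.getParameter("username");
if (username != null) {
    try (PreparedStatement pstmt = con.prepareStatement("select * from users where username=? and secret=?")) {
        pstmt.setString(1, username.trim());
        pstmt.setString(2, request.getParameter("secret"));
        rs = pstmt.executeQuery();
        // … unchanged: rs.next() / out.print of the matching row …
    }
}
```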
78 changes: 32 additions & 46 deletions src/main/webapp/vulnerability/csrf/changepassword.jsp
@@ -1,62 +1,48 @@
<%@ include file="/header.jsp" %>
<%@page import="java.sql.Connection"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.SQLException"%>

<%@page import="java.sql.ResultSetMetaData"%>
<%@page import="java.sql.ResultSet"%>
<%@ page import="java.util.*,java.io.*"%>
<%@ page import="java.sql.Connection, java.sql.PreparedStatement, java.sql.SQLException"%>
<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%>


<%
if(session.getAttribute("isLoggedIn")!=null)
{
String id=session.getAttribute("userid").toString();
%>
if(session.getAttribute("isLoggedIn") != null) {
String id = session.getAttribute("userid").toString();
%>
Enter the New Password: <br/><br/>
<table>
<form action="changepassword.jsp" method="POST">
<tr><td>New Password:</td><td><input type="text" name="password" value=""/></td></tr>
<tr><td>Confirm Password: </td><td><input type="text" name="confirmpassword" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="change" value="Change"/></td></tr>

</form>
<form action="changepassword.jsp" method="POST">
<tr><td>New Password:</td><td><input type="text" name="password" value=""/></td></tr>
<tr><td>Confirm Password: </td><td><input type="text" name="confirmpassword" value=""/></td></tr>
<tr><td></td><td><input type="submit" name="change" value="Change"/></td></tr>
</form>
</table>
<br/>
<%
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));

String action=request.getParameter("change");
if(action!=null)
{
String pass=request.getParameter("password");
String confirmPass=request.getParameter("confirmpassword");
if(pass!=null && confirmPass!=null && !pass.equals("") )
{
if(pass.equals(confirmPass) )
{
Statement stmt = con.createStatement();
stmt.executeUpdate("Update users set password='"+pass+"' where id="+id);
out.print("<b class='success'>Password Changed</b>");
out.print("<br/><br/><b><a href='changepassword.jsp'>Return to the Previous page </a></b>");
<br/>
<%
Connection con = new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
String action = request.getParameter("change");
if(action != null) {
String pass = request.getParameter("password");
String confirmPass = request.getParameter("confirmpassword");
if(pass != null && confirmPass != null && !pass.equals("")) {
if(pass.equals(confirmPass)) {
PreparedStatement pstmt = con.prepareStatement("Update users set password=? where id=?");
pstmt.setString(1, pass);
pstmt.setString(2, id);
pstmt.executeUpdate();
out.print("<b class='success'>Password Changed</b>");
out.print("<br/><br/><b><a href='changepassword.jsp'>Return to the Previous page </a></b>");
}
else
{
out.print("Passwords didn't match");
else {
out.print("Passwords didn't match");
}

}
else
{
else {
out.print("Password can't be empty");
}
}
}

%>

<!-- CSRF -->
}
%>

<!-- CSRF -->
<!-- Insecure Direct Object Reference 2 -->

<%@ include file="/footer.jsp" %>
<%@ include file="/footer.jsp" %>
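Review bot: `pstmt.setString(2, id)` binds the `users.id` column — created as `int` in the setup hunk of this same PR — as a string and relies on the driver's implicit conversion; `pstmt.setInt(2, Integer.parseInt(id));` binds it with the correct type and fails loudly if the `userid` session attribute is ever not numeric (what it holds is not visible here). The new prepared statement is also never closed; `try (PreparedStatement pstmt = con.prepareStatement("Update users set password=? where id=?")) { … }` releases it on every path, and `con`, opened on each request above, has the same pre-existing problem. The missing CSRF token is evidently this page's intended lesson (`<!-- CSRF -->`), and plaintext password storage is unchanged from before, so I am not raising either here.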