diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java index 2331d13..068314f 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java @@ -6,6 +6,7 @@ package org.cysecurity.cspf.jvl.controller; +import java.sql.PreparedStatement; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; @@ -48,8 +49,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re if(con!=null && !con.isClosed()) { ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'"); + PreparedStatement stmt = con.prepareStatement("select * from users where username='"+user+"' and password=?"); + stmt.setString(1, pass); + rs=stmt.executeQuery(); if(rs != null && rs.next()){ HttpSession session=request.getSession(); session.setAttribute("isLoggedIn", "1"); diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java index afa2f83..7f09ada 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java 
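Review bot: The new prepared statement still splices `user` into the SQL text — `"select * from users where username='"+user+"' and password=?"` — so the username field remains injectable and only the password moved to a bind parameter. Bind both: `PreparedStatement stmt = con.prepareStatement("select * from users where username=? and password=?");` followed by `stmt.setString(1, user);` and `stmt.setString(2, pass);`. Comparing `password=?` directly against the column also implies the `users` table holds plaintext passwords, which this commit does not address; hashing with a salted password hash and comparing in Java would be the follow-up. `processRequest` starts and continues outside the hunk, so I cannot see whether `stmt` and `rs` are ever closed.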
@@ -55,7 +55,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re { Statement stmt = con.createStatement(); - stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')"); + stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"',"+stmt.enquoteLiteral(String.valueOf(pass))+",'"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')"); stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')"); response.sendRedirect("index.jsp"); diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java b/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java index 8ff5439..428fe3d 100644 --- a/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/sqs.java @@ -1,5 +1,6 @@ package messageQ; +import java.sql.PreparedStatement; import com.amazonaws.services.sqs.AmazonSQSClientBuilder; import com.amazonaws.services.sqs.model.AmazonSQSException; import com.amazonaws.services.sqs.model.SendMessageBatchRequest; @@ -33,8 +34,9 @@ List read(){ String getId(string data){ try{ Connection con=DriverManager.getConnection("jdbc:mysql://db.com:3306/core", USER, PASS); - Statement stmt = con.createStatement(); - rs = stmt.executeQuery("SELECT id FROM t where data = '" + data + "'"); + PreparedStatement stmt = con.prepareStatement("SELECT id FROM t where data = ?"); + stmt.setString(1, data); + rs = stmt.executeQuery(); return rs.getString("Id"); } catch (Exception exc){ // diff --git a/src/main/webapp/admin/manageusers.jsp b/src/main/webapp/admin/manageusers.jsp index daac64f..7c59f50 100644 --- a/src/main/webapp/admin/manageusers.jsp +++ b/src/main/webapp/admin/manageusers.jsp @@ -1,27 +1,33 @@ <%@ include file="/header.jsp" %> - <%@page import="java.sql.Statement"%> +<%@page import="java.sql.PreparedStatement"%> <%@page import="java.sql.ResultSet"%> <%@page import="java.sql.SQLException"%> <%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%> <%@page import="java.sql.Connection"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); - if(request.getParameter("delete")!=null) - { - String user=request.getParameter("user"); - stmt.executeUpdate("Delete from users where username='"+user+"'"); - } - %> -
<% - ResultSet rs=stmt.executeQuery("select * from users where privilege='user'"); - while(rs.next()) - { - out.print(" "+rs.getString("username")+"
"); - } - %> +Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); +PreparedStatement pstmt = null; +ResultSet rs = null; +if(request.getParameter("delete")!=null) +{ + String user=request.getParameter("user"); + String query = "Delete from users where username=?"; + pstmt = con.prepareStatement(query); + pstmt.setString(1, user); + pstmt.executeUpdate(); +} +%> + +<% +String query = "select * from users where privilege='user'"; +pstmt = con.prepareStatement(query); +rs = pstmt.executeQuery(); +while(rs.next()) +{ + out.print(" "+rs.getString("username")+"
"); +} +%>
diff --git a/src/main/webapp/changeCardDetails.jsp b/src/main/webapp/changeCardDetails.jsp index ca164c7..76ae241 100644 --- a/src/main/webapp/changeCardDetails.jsp +++ b/src/main/webapp/changeCardDetails.jsp @@ -1,11 +1,5 @@ <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> +<%@ page import="java.sql.Connection,java.sql.PreparedStatement,java.sql.SQLException"%> <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> @@ -24,38 +18,37 @@ if(session.getAttribute("isLoggedIn")!=null)

<% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String id=session.getAttribute("userid").toString(); //Gets User ID - String action=request.getParameter("action"); - try - { - - if(action!=null && action.equalsIgnoreCase("add") ) + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String id=session.getAttribute("userid").toString(); //Gets User ID + String action=request.getParameter("action"); + try { - - String cardno=request.getParameter("cardno"); - String cvv=request.getParameter("cvv"); - String expirydate=request.getParameter("expirydate"); - if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals("")) - { - Statement stmt = con.createStatement(); - stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')"); - out.print(" * Card details added *"); - } - else + if(action!=null && action.equalsIgnoreCase("add") ) { - out.print("* Please Fill all the details * "); + String cardno=request.getParameter("cardno"); + String cvv=request.getParameter("cvv"); + String expirydate=request.getParameter("expirydate"); + if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals("")) + { + PreparedStatement pstmt = con.prepareStatement("INSERT into cards(id,cardno, cvv,expirydate) values (?,?,?,?)"); + pstmt.setString(1, id); + pstmt.setString(2, cardno); + pstmt.setString(3, cvv); + pstmt.setString(4, expirydate); + pstmt.executeUpdate(); + out.print(" * Card details added *"); + } + else + { + out.print("* Please Fill all the details * "); + } } + out.print("

Return to Profile Page >>"); } - - out.print("

Return to Profile Page >>"); - + catch(SQLException e) + { + out.print(e); } - catch(Exception e) - { - out.print(e); - } } else { diff --git a/src/main/webapp/vulnerability/DisplayMessage.jsp b/src/main/webapp/vulnerability/DisplayMessage.jsp index dfad1d0..18dc173 100644 --- a/src/main/webapp/vulnerability/DisplayMessage.jsp +++ b/src/main/webapp/vulnerability/DisplayMessage.jsp @@ -1,46 +1,35 @@ <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> +<%@page import="java.sql.PreparedStatement"%> <%@page import="java.sql.Connection"%> <%@ include file="/header.jsp" %> - <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> - <% - if(session.getAttribute("isLoggedIn")!=null) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - if(con!=null && !con.isClosed()) - { - if(request.getParameter("msgid")!=null) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from UserMessages where msgid="+request.getParameter("msgid")); - if(rs.next()) - { - out.print("Sender: "+rs.getString("sender")); - out.print("
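Review bot: Narrowing the handler from `catch(Exception e)` to `catch(SQLException e)` uncovers a crash: `request.getParameter("cardno")` returns null when the field is absent, so `!cardno.equals("")` throws a NullPointerException that is now unhandled and surfaces as a container error page. Make the guard null-safe, `if(cardno!=null && cvv!=null && expirydate!=null && !cardno.isEmpty() && !cvv.isEmpty() && !expirydate.isEmpty())`, or keep the broad catch. `out.print(e)` in the retained handler echoes the driver's exception text (table and column names) to the user; log it and print a fixed message instead. The INSERT stores `cardno` and `cvv` as plain text — keeping the CVV at all is prohibited by PCI DSS, so if this page is a deliberate lab target a comment saying so would help the next reader; the connection and statement are also never closed in the visible code.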
Subject:"+rs.getString("subject")); - out.print("
Message:
"+rs.getString("msg")); - } - else - { - out.print("No Message Found"); - } - } - else - { - out.print("Message Id Parameter is missing"); - - } - out.print("

Return to Messages >>"); - - out.print("

Return to Profile Page >>"); - - } - - } - else - { - out.print("* Please login to send message"); - } - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<% +if(session.getAttribute("isLoggedIn")!=null) { +Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); +if(con!=null && !con.isClosed()) { +if(request.getParameter("msgid")!=null) { +PreparedStatement pstmt = con.prepareStatement("select * from UserMessages where msgid=?"); +pstmt.setString(1, request.getParameter("msgid")); +ResultSet rs =null; +rs=pstmt.executeQuery(); +if(rs.next()) { +out.print("Sender: "+rs.getString("sender")); +out.print("
Subject:"+rs.getString("subject")); +out.print("
Message:
"+rs.getString("msg")); +} +else { +out.print("No Message Found"); +} +} +else { +out.print("Message Id Parameter is missing"); +} +out.print("

Return to Messages >>"); +out.print("

Return to Profile Page >>"); +} +} +else { +out.print("* Please login to send message"); +} +%> +<%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/UserDetails.jsp b/src/main/webapp/vulnerability/UserDetails.jsp index d7a1043..46cc8be 100644 --- a/src/main/webapp/vulnerability/UserDetails.jsp +++ b/src/main/webapp/vulnerability/UserDetails.jsp @@ -1,34 +1,31 @@ <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> +<%@page import="java.sql.PreparedStatement"%> <%@page import="java.sql.Connection"%> <%@ include file="/header.jsp" %> - <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String username=request.getParameter("username"); - if(username!=null && !username.equals("")) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from users where username='"+username+"'"); - if(rs != null && rs.next()) - { - out.print("
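Review bot: The query `select * from UserMessages where msgid=?` is bound safely now but still lets any logged-in user read any message by iterating `msgid`; nothing ties the row to the caller (the `user` session attribute that UserDetails.jsp in this same diff reads). Constrain it: `con.prepareStatement("select * from UserMessages where msgid=? and (recipient=? or sender=?)")`, then `pstmt.setString(2, (String) session.getAttribute("user"));` and `pstmt.setString(3, (String) session.getAttribute("user"));`. `msgid` was compared as a number before and is now bound as a string, so a non-numeric value is left to the driver's implicit conversion; parse it with `Integer.parseInt` and use `setInt`, rejecting bad input explicitly. `rs.getString("msg")` and the other columns are still printed without HTML escaping, and `pstmt`, `rs` and `con` are never closed. If this page under `vulnerability/` intentionally keeps some of these issues as lab exercises, a comment naming them would prevent an accidental fix.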
About "+rs.getString("username")+":
"+rs.getString("about")); - - } - - if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username)) - { - out.print("

"); - out.print("Send Message to "+username+""); - } - } - else - { - out.print("Username Parameter is Missing"); - } - - out.print("

Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<% +Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); +String username=request.getParameter("username"); +if(username!=null && !username.equals("")) +{ +PreparedStatement pstmt = con.prepareStatement("select * from users where username=?"); +pstmt.setString(1, username); +ResultSet rs =null; +rs=pstmt.executeQuery(); +if(rs != null && rs.next()) +{ +out.print("
About "+rs.getString("username")+":
"+rs.getString("about")); +} +if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username)) +{ +out.print("

"); +out.print("Send Message to "+username+""); +} +} +else +{ +out.print("Username Parameter is Missing"); +} +out.print("

Return to Forum >>"); +%> +<%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/forumposts.jsp b/src/main/webapp/vulnerability/forumposts.jsp index e2c7096..c27178d 100644 --- a/src/main/webapp/vulnerability/forumposts.jsp +++ b/src/main/webapp/vulnerability/forumposts.jsp @@ -1,30 +1,28 @@ <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> +<%@page import="java.sql.PreparedStatement"%> <%@page import="java.sql.Connection"%> <%@ include file="/header.jsp" %> - <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String postid=request.getParameter("postid"); - if(postid!=null) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from posts where postid="+postid); - if(rs != null && rs.next()) - { - out.print("Title:"+rs.getString("title")+""); - out.print("
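Review bot: The `username` request parameter is written back into the page unescaped in `out.print("Send Message to "+username+"")`, and `rs.getString("about")` / `rs.getString("username")` are printed the same way, so the SQL fix leaves a reflected and a stored XSS on this page. Escape `&`, `<`, `>`, `"` and `'` before `out.print` — JSTL's `<c:out>`/`fn:escapeXml` if JSTL is on the classpath, otherwise a small local helper — and apply it to every string that originates from a parameter or the database. `setString` is the right binding type for `username`, so the query change itself is correct. As a style point, the whole file was re-indented to column 0 in the same hunk, which hides the functional change; keep the original indentation or split formatting into its own commit. Statement, result set and connection are still not closed.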
- Posted By "+rs.getString("user")); - out.print("

Content:
"+rs.getString("content")); - } - } - else - { - out.print("ID Parameter is Missing"); - } - - out.print("

Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<% +Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); +String postid=request.getParameter("postid"); +if(postid!=null) +{ +PreparedStatement pstmt = con.prepareStatement("select * from posts where postid=?"); +pstmt.setString(1, postid); +ResultSet rs =null; +rs=pstmt.executeQuery(); +if(rs != null && rs.next()) +{ +out.print("Title:"+rs.getString("title")+""); +out.print("
- Posted By "+rs.getString("user")); +out.print("

Content:
"+rs.getString("content")); +} +} +else +{ +out.print("ID Parameter is Missing"); +} +out.print("

Return to Forum >>"); +%> +<%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sqli/download_id.jsp b/src/main/webapp/vulnerability/sqli/download_id.jsp index f0d5d24..12f9877 100644 --- a/src/main/webapp/vulnerability/sqli/download_id.jsp +++ b/src/main/webapp/vulnerability/sqli/download_id.jsp @@ -19,9 +19,10 @@ if(fileid!=null && !fileid.equals("")) { Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); + PreparedStatement pstmt = con.prepareStatement("select * from FilesList where fileid=?"); + pstmt.setString(1, fileid); ResultSet rs =null; - rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); + rs=pstmt.executeQuery(); if(rs != null && rs.next()) { @@ -58,6 +59,10 @@ out.print("File Parameter is missing"); } } + catch(SQLException e) + { + out.print("Oops, Something Went wrong"); + } catch(Exception e) { out.print("Oops, Something Went wrong"); diff --git a/src/main/webapp/vulnerability/sqli/download_id_union.jsp b/src/main/webapp/vulnerability/sqli/download_id_union.jsp index 9cbbdc2..2cd1b93 100644 --- a/src/main/webapp/vulnerability/sqli/download_id_union.jsp +++ b/src/main/webapp/vulnerability/sqli/download_id_union.jsp 
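Review bot: `postid` used to be compared numerically (`postid="+postid`) and is now bound as a string with `pstmt.setString(1, postid)`, so type checking is delegated to the driver's implicit conversion; parse it first, `pstmt.setInt(1, Integer.parseInt(postid));`, and handle `NumberFormatException` with a message in the style of the existing "ID Parameter is Missing". `title`, `user` and `content` are still printed without HTML escaping, so stored post content can carry script; if that is a separate lab exercise, a comment saying so would help. The statement and connection are never closed in the visible code, and the blanket re-indentation hides which lines actually changed.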
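Review bot: Same numeric-versus-string binding as forumposts.jsp: `pstmt.setString(1, fileid)` binds what the old query compared as a number, so prefer `pstmt.setInt(1, Integer.parseInt(fileid));` with a `NumberFormatException` handler that prints the existing "Oops, Something Went wrong" message. I cannot see a `PreparedStatement` page import being added for this JSP anywhere in the diff; if the page directive does not already import `java.sql.PreparedStatement`, the page will fail to compile. The enclosing try block and the file-streaming code start and continue outside the hunk.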
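Review bot: The added `catch(SQLException e)` block behaves identically to the `catch(Exception e)` that follows it — same fixed message, nothing logged — so it changes nothing observable. Either remove it, or make it earn its place by recording the failure, e.g. `catch(SQLException e) { log("download_id query failed", e); out.print("Oops, Something Went wrong"); }`, where `log(String, Throwable)` is typically available in scriptlets via the generated servlet's `GenericServlet` base. As written, a failing query leaves no trace anywhere except the user's screen.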
@@ -19,16 +19,16 @@ if(fileid!=null && !fileid.equals("")) { Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); + PreparedStatement pstmt = con.prepareStatement("select * from FilesList where fileid=?"); + pstmt.setString(1, fileid); ResultSet rs =null; - rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); + rs=pstmt.executeQuery(); if(rs != null && rs.next()) { int BUFSIZE = 4096; String filePath=rs.getString("path"); - - File file = new File(getServletContext().getRealPath(path)); + File file = new File(getServletContext().getRealPath(path)); file = new File(file.getParent()+filePath); int length = 0; ServletOutputStream outStream = response.getOutputStream(); @@ -58,6 +58,10 @@ out.print("File Parameter is missing"); } } + catch(SQLException e) + { + out.print("Oops, Something Went wrong"); + } catch(Exception e) { out.print("Oops, Something Went wrong");
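Review bot: `pstmt.setString(1, fileid)` binds a value the old query compared numerically (`fileid="+fileid`); use `pstmt.setInt(1, Integer.parseInt(fileid));` and reject non-numeric input explicitly rather than leaving it to the driver's conversion. The `File file = new File(getServletContext().getRealPath(path))` change is whitespace only, and the following `file = new File(file.getParent()+filePath)` still joins the database-sourced `path` column onto a directory with no normalisation or containment check — with the union injection closed, that column is only as trusted as whoever can write to FilesList, which this hunk does not show. `path` and the enclosing try start outside the hunk.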
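Review bot: The new `catch(SQLException e)` duplicates the `catch(Exception e)` immediately after it — same message, no logging — so it changes nothing observable. Either drop it or record the failure, e.g. `catch(SQLException e) { log("download_id_union query failed", e); out.print("Oops, Something Went wrong"); }`, so that a failing query is visible somewhere other than the user's screen.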