forked from mobbeitan/vulnerable-code
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmy naive sql.java
More file actions
23 lines (20 loc) · 884 Bytes
/
my naive sql.java
File metadata and controls
23 lines (20 loc) · 884 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
public class SQLInjectionExample extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
try {
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
String user = request.getParameter("username");
String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";
Statement stmt = con.createStatement();
stmt.executeQuery(query);
} catch (Exception e) {
throw new ServletException(e);
}
}
}