Material for Database Class.
/notes/code/java/SimpleInjection01.java (1f9bd79b007519b6b6ecc33d3f11fe3c210442d2) (2035 bytes) (mode 100644) (type blob)
// code/java/SimpleInjection01.java
// java.util.Scanner is an API to read from the keyboard.
import java.sql.*;
import java.util.Scanner;
public class SimpleInjection01 {
public static void main(String[] args) {
try (Connection conn =
DriverManager.getConnection(
"jdbc:mysql://localhost:3306/?user=testuser&password=password"
+ "&allowMultiQueries=true");
Statement stmt =
conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY); ) {
stmt.addBatch("DROP SCHEMA IF EXISTS HW_SIMPLE_INJECTION_1");
stmt.addBatch("CREATE SCHEMA HW_SIMPLE_INJECTION_1");
stmt.addBatch("USE HW_SIMPLE_INJECTION_1");
stmt.addBatch("CREATE TABLE SECRETVIP(Name VARCHAR(30))");
stmt.addBatch("INSERT INTO SECRETVIP VALUES (\"Marcus Hells\")");
stmt.executeBatch();
Scanner key = new Scanner(System.in);
System.out.print(
"\n\n"
+ "To test the program, enter\n"
+ "\t• \"Marcus Hells\" (without the quotes) to confirm that guessing correctly"
+ " triggers the correct result,\n"
+ "\t• \"n' OR '1' = '1\" (without the double quotes (\")) to perform an SQL"
+ " injection.\n"
+ "\t• anything else to confirm that guessing correctly triggers the correct"
+ " result,\n");
while (true) {
System.out.print("\n\nType the name of someone who may be the secret VIP.\n");
String entered = key.nextLine();
// start snippet gist
ResultSet rset =
stmt.executeQuery("SELECT * FROM SECRETVIP WHERE Name ='" + entered + "';");
// end snippet gist
if (rset.next()) {
System.out.print("Yes, " + rset.getString(1) + " is our secret VIP!\n");
} else {
System.out.print("Nope, \"" + entered + "\" is not our secret VIP.\n");
}
}
} catch (SQLException ex) {
ex.printStackTrace();
}
}
}
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 15398 | ee75155d2d99639acd17d31b2cc23cd752078e7e | CONTRIB.md |
| 100644 | blob | 20625 | 25b8e45e7f103089fb70fae5a219f09a29ef5312 | KNOWN_BUGS.md |
| 100644 | blob | 17217 | e5c1f9f898cca948da42333b100e331d62b61d3c | LICENSE.md |
| 100644 | blob | 1997 | f8801648fd4ba5843a2cbca8b10e4f69ba5d9b25 | Makefile |
| 100644 | blob | 6695 | 0b91924ffc7b73e2d36150369d4fd41a44b099c5 | README.md |
| 040000 | tree | - | eb7afc38251ada69e1967e1ce3e49967eca2267c | install |
| 040000 | tree | - | f16b283429b64b620b3bd7681a446ff54d504f84 | notes |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/caubert/CSCI_3410
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/caubert/CSCI_3410
Clone this repository using git:
git clone git://git.rocketgit.com/user/caubert/CSCI_3410
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!