// code/java/SimpleInjection02.java
// java.util.Scanner is an API to read from the keyboard.
import java.sql.*;
import java.util.Scanner;
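/**
 * Classroom demonstration of SQL injection against a throwaway MySQL schema.
 *
 * <p>The program (re)creates the schema {@code HW_SIMPLE_INJECTION_2} with a one-row table
 * {@code SECRETVIP}, then repeatedly asks the user to guess the stored name and reports whether
 * the guess matched.
 *
 * <p><strong>The lookup query is deliberately vulnerable:</strong> it is built by concatenating
 * the typed text into the SQL string. Do not copy that line into real code. The fix is a
 * {@link PreparedStatement} with a {@code ?} placeholder, so that the driver always treats the
 * input as a value and never as SQL text.
 */
public class SimpleInjection02 {
  /**
   * Sets up the demo schema, then loops on keyboard input until end of input or an SQL error.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    // Demo-only settings, none of which belong in production code:
    //  - the credentials are hard-coded in the URL (local test account only);
    //  - allowMultiQueries=true lets one execute() call run several ';'-separated statements.
    //    MySQL Connector/J leaves it off by default; it is switched on here so that the
    //    injection shown in the prompt can take effect. Leaving it off limits the damage of an
    //    injection but does not remove the flaw.
    try (Connection conn =
            DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/?user=testuser&password=password"
                    + "&allowMultiQueries=true");
        // rst.first() below needs a scrollable result set, hence TYPE_SCROLL_SENSITIVE.
        Statement stmt =
            conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY);
        Scanner key = new Scanner(System.in)) {
      // Start from a clean schema on every run, so an earlier injection leaves no trace.
      stmt.addBatch("DROP SCHEMA IF EXISTS HW_SIMPLE_INJECTION_2");
      stmt.addBatch("CREATE SCHEMA HW_SIMPLE_INJECTION_2");
      stmt.addBatch("USE HW_SIMPLE_INJECTION_2");
      stmt.addBatch("CREATE TABLE SECRETVIP(Name VARCHAR(30))");
      stmt.addBatch("INSERT INTO SECRETVIP VALUES (\"Marcus Hells\")");
      stmt.executeBatch();

      // Fixed wording: the third case is about guessing *incorrectly*.
      System.out.print(
          "\n\n"
              + "To test the program, enter\n"
              + "\t• \"Marcus Hells\" (without the quotes) to confirm that guessing correctly"
              + " triggers the correct result,\n"
              + "\t• \"nope'; DROP SCHEMA HW_SIMPLE_INJECTION_2;\" (without the double quotes"
              + " (\")) to perform an SQL injection.\n"
              + "\t• anything else to confirm that guessing incorrectly triggers the correct"
              + " result,\n");

      while (true) {
        System.out.print("\n\nType the name of someone who may be the secret VIP.\n");
        // Stop cleanly on end of input instead of letting nextLine() throw.
        if (!key.hasNextLine()) {
          break;
        }
        String entered = key.nextLine();

        // DELIBERATELY VULNERABLE (this is the point of the exercise): `entered` is pasted into
        // the SQL text, so a quote in the input ends the string literal and the rest of the
        // input is parsed as SQL. The safe form binds the value instead:
        //   PreparedStatement ps =
        //       conn.prepareStatement("SELECT * FROM SECRETVIP WHERE Name = ?");
        //   ps.setString(1, entered);
        // start snippet gist
        stmt.execute("SELECT * FROM SECRETVIP WHERE Name ='" + entered + "';");
        // end snippet gist

        boolean found;
        // Close each result set explicitly rather than relying on the next execute() to do it.
        try (ResultSet rst = stmt.getResultSet()) {
          found = rst.first();
        }
        if (found) {
          System.out.print("Yes, you found it!\n");
        } else {
          System.out.print("Nope, " + entered + " is not our secret VIP.\n");
        }
      }
    } catch (SQLException ex) {
      // The catch sits outside the loop, so any SQL error (for instance a query against a schema
      // that no longer exists) ends the program after printing the trace.
      ex.printStackTrace();
    }
  }
}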