Not sure why this was done
master
1 parent
ddb4701
commit
0507ff74d29aaabc9f319ea068bff59dfac4b235
Mark George
authored
on 2 Jul 2021
Patch
Showing
1 changed file
src/main/java/servlets/LoginServlet.java
src/main/java/servlets/LoginServlet.java
/* * To change this template, choose Tools | Templates * and open the template in the editor. */ package servlets; import dao.JdbcConnection; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * * This servlet is used to demonstrate SQL injection attacks. * * * @author mark */ @WebServlet(name = "LoginServlet", urlPatterns = {"/login"}) public class LoginServlet extends HttpServlet { /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String username = request.getParameter("username"); String password = request.getParameter("password"); String sql = "select * from users where username = '" + username + "' and password = '" + password + "';"; try ( Connection con = JdbcConnection.getConnection(); Statement s = con.createStatement(); ResultSet rs = s.executeQuery(sql);) { if (rs.next()) { String uname = rs.getString("name"); out.println("<!DOCTYPE html>"); out.println("<html>"); out.println("<head>"); out.println("<link rel=\"stylesheet\" href=\"highlight.js/github.css\">"); out.println("<script src=\"highlight.js/highlight.pack.js\"></script>"); out.println("<script>hljs.initHighlightingOnLoad();</script>"); out.println("</head>"); 
out.println("<body>"); out.println("<h1 style=\"color: green;\">Hi " + uname + ". You have successfully logged in!</h1>"); out.println("<p>Code for generating query:</p>"); out.println("<pre><code class=\"java\">\"select * from users where username = '\" + username + \"' and password = '\" + password + \"';\"</code></pre>"); out.println("<p>Generated query was:</p>"); out.println("<pre><code class=\"sql\">" + sql + "</code></pre>"); out.println("<p>Query found a matching result.</p>"); out.println("<p><a href=\"index.jsp\">Back</a></p>"); out.println("</body></html>"); } else { out.println("<!DOCTYPE html>"); out.println("<html>"); out.println("<head>"); out.println("<link rel=\"stylesheet\" href=\"highlight.js/github.css\">"); out.println("<script src=\"highlight.js/highlight.pack.js\"></script>"); out.println("<script>hljs.initHighlightingOnLoad();</script>"); out.println("</head>"); out.println("<body>"); out.println("<h1 style=\"color: red;\">Log in failed!</h1>"); out.println("<p>Code for generating query:</p>"); out.println("<pre><code class=\"java\">\"select * from users where username = '\" + username + \"' and password = '\" + password + \"';\"</code></pre>"); out.println("<p>Generated query was:</p>"); out.println("<pre><code class=\"sql\">" + sql + "</code></pre>"); out.println("<p>Query found no results matching those details.</p>"); out.println("<p><a href=\"index.jsp\">Back</a></p>"); out.println("</body></html>"); } } catch (SQLException ex) { Logger.getLogger(LoginServlet.class.getName()).log(Level.SEVERE, null, ex); } } // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code."> /** * Handles the HTTP <code>GET</code> method. 
* * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Handles the HTTP <code>POST</code> method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Returns a short description of the servlet. * * @return a String containing servlet description */ @Override public String getServletInfo() { return "Short description"; }// </editor-fold> }
/* * To change this template, choose Tools | Templates * and open the template in the editor. */ package servlets; import dao.JdbcConnection; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * * This servlet is used to demonstrate SQL injection attacks. * * * @author mark */ @WebServlet(name = "LoginServlet", urlPatterns = {"/login"}) public class LoginServlet extends HttpServlet { /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); String username = request.getParameter("username"); String password = request.getParameter("password"); String sql = "select name from users where username = '" + username + "' and password = '" + password + "';"; try ( Connection con = JdbcConnection.getConnection(); Statement s = con.createStatement(); ResultSet rs = s.executeQuery(sql);) { if (rs.next()) { String uname = rs.getString("name"); out.println("<!DOCTYPE html>"); out.println("<html>"); out.println("<head>"); out.println("<link rel=\"stylesheet\" href=\"highlight.js/github.css\">"); out.println("<script src=\"highlight.js/highlight.pack.js\"></script>"); out.println("<script>hljs.initHighlightingOnLoad();</script>"); out.println("</head>"); 
out.println("<body>"); out.println("<h1 style=\"color: green;\">Hi " + uname + ". You have successfully logged in!</h1>"); out.println("<p>Code for generating query:</p>"); out.println("<pre><code class=\"java\">\"select * from users where username = '\" + username + \"' and password = '\" + password + \"';\"</code></pre>"); out.println("<p>Generated query was:</p>"); out.println("<pre><code class=\"sql\">" + sql + "</code></pre>"); out.println("<p>Query found a matching result.</p>"); out.println("<p><a href=\"index.jsp\">Back</a></p>"); out.println("</body></html>"); } else { out.println("<!DOCTYPE html>"); out.println("<html>"); out.println("<head>"); out.println("<link rel=\"stylesheet\" href=\"highlight.js/github.css\">"); out.println("<script src=\"highlight.js/highlight.pack.js\"></script>"); out.println("<script>hljs.initHighlightingOnLoad();</script>"); out.println("</head>"); out.println("<body>"); out.println("<h1 style=\"color: red;\">Log in failed!</h1>"); out.println("<p>Code for generating query:</p>"); out.println("<pre><code class=\"java\">\"select * from users where username = '\" + username + \"' and password = '\" + password + \"';\"</code></pre>"); out.println("<p>Generated query was:</p>"); out.println("<pre><code class=\"sql\">" + sql + "</code></pre>"); out.println("<p>Query found no results matching those details.</p>"); out.println("<p><a href=\"index.jsp\">Back</a></p>"); out.println("</body></html>"); } } catch (SQLException ex) { Logger.getLogger(LoginServlet.class.getName()).log(Level.SEVERE, null, ex); } } // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code."> /** * Handles the HTTP <code>GET</code> method. 
* * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Handles the HTTP <code>POST</code> method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Returns a short description of the servlet. * * @return a String containing servlet description */ @Override public String getServletInfo() { return "Short description"; }// </editor-fold> }
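Review bot: Both response branches write `sql` (and `uname`) into the HTML body without escaping, in `out.println("<pre><code class=\"sql\">" + sql + "</code></pre>")`, so a payload in `username` or `password` is reflected as live markup — the page is exploitable for reflected XSS in addition to the SQL injection it is meant to demonstrate, and the class Javadoc mentions only the latter. If the XSS is unintended, escape before echoing, e.g. `String shownSql = sql.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");` and print `shownSql` (same for `uname`); if it is deliberate, say so in the Javadoc so the demo's scope is explicit. Separately, the literal shown under "Code for generating query" still reads `select * from users ...` while the side of this change that builds `select name from users ...` no longer matches it, so whichever version is current, the displayed snippet should be kept in step with the actual query string. The `SQLException` path only logs and returns an empty 200 body, which hides a syntactically broken injected query from the reader; `response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Query failed");` would make the failure visible without leaking the stack trace.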