demo-java/src/main/java/com/github/hackathon/advancedsecurityjava/test/VulnerableLogin.java at 5fd5457fb7f7733fd293ac25de2f293e13250f5c · advanced-security-demo/demo-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import java.util.Scanner;

public class VulnerableLogin {
    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);

        // Hardcoded credentials (bad practice)
        String dbUrl = "jdbc:mysql://localhost:3306/testdb";
        String dbUser = "admin";
        String dbPassword = "password123";

        System.out.print("Enter username: ");
        String username = scanner.nextLine();

        System.out.print("Enter password: ");
        String password = scanner.nextLine();

        try {
            Connection conn = DriverManager.getConnection(dbUrl, dbUser, dbPassword);
            Statement stmt = conn.createStatement();

            // SQL Injection vulnerability
            String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
            stmt.executeQuery(query);

            System.out.println("Login attempted with query: " + query);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}