apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-15 20:05:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/realistic/sqli_xlang/SqliJavaConcat.java

20 lines
796 B
Java
Raw Blame History

// Phase 15 — Java JDBC raw-string concat SQLi positive.
// `Statement.executeQuery` is a flat SQL_QUERY sink in
// `labels/java.rs`; concatenated `request.getParameter` value flows
// directly into the SQL string with no parameterisation.
package com.example;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
public class SqliJavaConcat {
public ResultSet lookup(HttpServletRequest request) throws Exception {
String name = request.getParameter("name");
Connection conn = DriverManager.getConnection("jdbc:h2:mem:db");
Statement stmt = conn.createStatement();
return stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
}
}
Reference in a new issue View git blame Copy permalink