From af87f20048c7358ae2e3e6f75852635bdb7ca0e6 Mon Sep 17 00:00:00 2001
From: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Date: Wed, 27 Nov 2024 14:48:41 +0530
Subject: [PATCH] Create b.java

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
---
 b.java | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 b.java

diff --git a/b.java b/b.java
new file mode 100644
index 0000000000..3d3bf6a458
--- /dev/null
+++ b/b.java
@@ -0,0 +1,29 @@
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.Statement;
+
+public class VulnerableApp {
+ public static void main(String[] args) {
+ String userInput = "test'; DROP TABLE users; --"; // Simulated malicious input
+
+ try {
+ // Connect to the database
+ Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password");
+
+ // Vulnerable: User input directly concatenated into SQL query
+ String query = "SELECT * FROM users WHERE username = '" + userInput + "'";
+ Statement statement = connection.createStatement();
+ ResultSet resultSet = statement.executeQuery(query);
+
+ // Print the results
+ while (resultSet.next()) {
+ System.out.println("User: " + resultSet.getString("username"));
+ }
+
+ connection.close();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
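Review bot: The query in `main` is built by concatenating `userInput` into the SQL string and run through `Statement.executeQuery`, so the input is parsed as SQL instead of being treated as data; bind it through a `PreparedStatement` with a `?` placeholder (this needs `import java.sql.PreparedStatement;`). The connection is opened with the literal `root` / `password` pair committed in source, which should come from the environment or a secret store and belong to a least-privileged account rather than `root`. `connection.close()` is skipped whenever an exception is thrown, and the statement and result set are never closed, so all three should sit in try-with-resources. Separately, `public class VulnerableApp` declared in `b.java` will not compile, because a public top-level class must live in a file of the same name.

```java
// … unchanged: userInput declaration …
String sql = "SELECT * FROM users WHERE username = ?";
// Environment variable names below are illustrative, not taken from the project.
try (Connection connection = DriverManager.getConnection(
         System.getenv("DB_URL"), System.getenv("DB_USER"), System.getenv("DB_PASSWORD"));
     PreparedStatement statement = connection.prepareStatement(sql)) {
    statement.setString(1, userInput); // bound as a parameter, never parsed as SQL
    try (ResultSet resultSet = statement.executeQuery()) {
        // … unchanged: result printing loop …
    }
}
// … unchanged: catch (Exception e) block …
```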