From e3f8a7ffea405a9736f42d34354e6780f3c5ab16 Mon Sep 17 00:00:00 2001 From: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:13:40 +0530 Subject: [PATCH] Create code.java Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com> --- pre-registration/code.java | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 pre-registration/code.java diff --git a/pre-registration/code.java b/pre-registration/code.java new file mode 100644 index 0000000000..2a4591ec63 --- /dev/null +++ b/pre-registration/code.java @@ -0,0 +1,36 @@ +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.Statement; +import java.security.MessageDigest; +import java.util.Base64; + +public class VulnerableCode { + public static void main(String[] args) { + // Simulated malicious input for SQL Injection + String userInput = "admin' OR '1'='1"; + + try { + // Vulnerable SQL Query + Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password"); + Statement statement = connection.createStatement(); + String query = "SELECT * FROM users WHERE username = '" + userInput + "'"; + ResultSet resultSet = statement.executeQuery(query); + + // Print the results + while (resultSet.next()) { + System.out.println("User: " + resultSet.getString("username")); + } + + // Insecure Cryptography Example: MD5 for hashing passwords + String password = "supersecretpassword"; + MessageDigest md = MessageDigest.getInstance("MD5"); // MD5 is cryptographically broken + byte[] hash = md.digest(password.getBytes()); + System.out.println("MD5 Hash of password: " + Base64.getEncoder().encodeToString(hash)); + + connection.close(); + } catch (Exception e) { + e.printStackTrace(); + } + } +}