...
| Code Block |
|---|
SELECT * FROM db_user WHERE username='<USERNAME>' AND
password='<PASSWORD>'
|
If it returns any records, the user name and password are valid.
...
| Code Block | ||
|---|---|---|
| ||
class Login {
public Connection getConnection() throws SQLException {
DriverManager.registerDriver(new
com.microsoft.sqlserver.jdbc.SQLServerDriver());
String dbConnection =
PropertyManager.getProperty("db.connection");
// can hold some value like
// "jdbc:microsoft:sqlserver://<HOST>:1433,<UID>,<PWD>"
return DriverManager.getConnection(dbConnection);
}
String hashPassword(char[] password) {
// create hash of password
}
public void doPrivilegedAction(String username, char[] password)
throws SQLException {
Connection connection = getConnection();
if (connection == null) {
// handle error
}
try {
String pwd = hashPassword(password);
String sqlString = "SELECT * FROM db_user WHERE username = '"
+ username +
"' AND password = '" + pwd + "'";
Statement stmt = connection.createStatement();
ResultSet rs = stmt.executeQuery(sqlString);
if (!rs.next()) {
throw new SecurityException(
"User name or password incorrect"
);
}
// Authenticated; proceed
} finally {
try {
connection.close();
} catch (SQLException x) {
// forward to handler
}
}
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
class XXE {
private static void receiveXMLStream(InputStream inStream,
DefaultHandler defaultHandler)
throws ParserConfigurationException, SAXException, IOException {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
saxParser.parse(inStream, defaultHandler);
}
public static void main(String[] args)
throws ParserConfigurationException, SAXException, IOException {
receiveXMLStream(new FileInputStream("evil.xml"),
new DefaultHandler());
}
}
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a2c6b3c660626279-6f835ad0-445d49bb-b5178183-7bf764bbab3cad139e165ca6"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Injection [RST] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-116. Improper encoding or escaping of output |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bc20806246f5d6ae-b2b01ea9-493641a1-8156be5f-4b177529cd61192d21301a75"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="54e6a1e2e9667eb5-0c969337-484e4e34-9ea2aa64-be2790f9b20ee5a65c661ca7"><ac:plain-text-body><![CDATA[ | [[OWASP 2007 | AA. Bibliography#OWASP 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6612ea2c45add542-e64dfe66-44b149c8-9cc5aa14-305e33097aa167348a46678b"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] | [Testing for XML Injection (OWASP-DV-008) | https://www.owasp.org/index.php/Testing_for_XML_Injection_%28OWASP-DV-008%29] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4d16c37e34dac272-4baa83cd-4f0d4fed-baacab06-29cc42a24e350f7aa229009b"><ac:plain-text-body><![CDATA[ | [[W3C 2008 | AA. Bibliography#W3C 08]] | 4.4.3, Included If Validating | ]]></ac:plain-text-body></ac:structured-macro> |
...