Cryptographic failures examples

Author: AndriiPiatakha

Diff for: online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/controllers/EditProfileServlet.java

@@ -72,9 +72,6 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 			return;
 		}
 
-		System.out.println(request.getParameter("password").equals(loggedInUser.getPassword()));
-		System.out.println(loggedInUser.getPassword());
-		
 		if (!request.getParameter("password").equals(loggedInUser.getPassword())) {
 			request.getSession().setAttribute("errMsg", rb.getString("signup.err.msg.old.password.wrong"));
 			response.sendRedirect(baseUrl + "/edit-profile");

Diff for: online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/cf/problem/SqlInjectionDemoServlet.java

@@ -0,0 +1,39 @@
+package com.itbulls.learnit.onlinestore.web.owasp.cf.problem;
+
+import java.io.IOException;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import com.itbulls.learnit.onlinestore.persistence.utils.DBUtils;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@WebServlet("/sql-injection-demo")
+public class SqlInjectionDemoServlet extends HttpServlet {
+	
+	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		try (var conn = DBUtils.getConnection()) {
+			
+			String idParam = request.getParameter("id");
+			Statement st = conn.createStatement();
+			
+			try (var rs = st.executeQuery("SELECT last_name, email FROM user WHERE id = " + idParam)) {
+				while (rs.next()) {
+					response.getWriter().println("Last name: " 
+								+ rs.getString("last_name") + "\tEmail: " 
+								+ rs.getString("email"));
+					
+				}
+			}
+			
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+	}
+
+}

Diff for: online-store.web/src/main/java/com/itbulls/learnit/onlinestore/web/owasp/cf/solution/SqlInjectionDemoSolutionServlet.java

@@ -0,0 +1,40 @@
+package com.itbulls.learnit.onlinestore.web.owasp.cf.solution;
+
+import java.io.IOException;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import com.itbulls.learnit.onlinestore.persistence.utils.DBUtils;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@WebServlet("/sql-injection-demo-solution")
+public class SqlInjectionDemoSolutionServlet extends HttpServlet {
+	
+	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		try (var conn = DBUtils.getConnection()) {
+			
+			String idParam = request.getParameter("id");
+			PreparedStatement ps = conn.prepareStatement("SELECT last_name, email FROM user WHERE id = ?;");
+			ps.setString(1, idParam);
+			
+			try (var rs = ps.executeQuery()) {
+				while (rs.next()) {
+					response.getWriter().println("Last name: " 
+								+ rs.getString("last_name") + "\tEmail: " 
+								+ rs.getString("email"));
+					
+				}
+			}
+			
+		} catch (SQLException e) {
+			e.printStackTrace();
+		}
+	}
+
+}