• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• Java-EE-VulnWeb-master
  • LICENSE
  • VulnWeb.sql
  • README.md
  • VulnWeb
    • src
      • com
        • eveino
          • dao
            • impl
              • UserDaoImpl.java
            • UserDao.java
          • utils
            • HtmlEncode.java
            • XssDefend.java
            • JdbcUtils.java
            • WebUtils.java
          • entity
            • User.java
          • web
            • wrapper
              • EncodingRequest.java
              • HtmlEncodeRequest.java
              • XssDefendRequest.java
            • UI
              • RegisterServletUI.java
              • LoginServletUI.java
            • filter
              • CharacterEncodingFilter.java
              • HtmlFilter.java
              • XssFilter.java
              • WordsFilter.java
            • controller
              • XSSServlet.java
              • RegisterServlet.java
              • CmdServlet.java
              • LoginServlet.java
              • UploadServlet.java
              • DownloadServlet.java
          • service
            • impl
              • BusinessServerImpl.java
            • BusinessServer.java
          • exception
            • UserExistEception.java
      • junit
        • test
          • UserTest.java
          • UserDaoTest.java
      • dbcp.properties
    • .settings
      • org.eclipse.wst.jsdt.ui.superType.container
      • org.eclipse.wst.jsdt.ui.superType.name
      • org.eclipse.wst.common.project.facet.core.xml
      • org.eclipse.wst.common.component
      • .jsdtscope
      • org.eclipse.jdt.core.prefs
      • org.eclipse.core.resources.prefs
    • WebContent
      • show.jsp
      • cmd.jsp
      • xss.jsp
      • message.jsp
      • uploadfile.jsp
      • 404.html
      • index.jsp
      • META-INF
        • MANIFEST.MF
      • WEB-INF
        • lib
          • commons-fileupload-1.3.3.jar
          • commons-dbutils-1.7.jar
          • commons-dbcp2-2.1.1.jar
          • commons-pool2-2.4.3.jar
          • commons-logging-1.2.jar
          • jstl.jar
        • haha
          • haha.txt
          • web.xml
        • jsp
          • register.jsp
          • login.jsp
        • haha.txt
        • web.xml
      • downloadfile.jsp
    • .project
    • .classpath
    • Words
      • com
        • eveino
          • words
            • bandWords.txt
            • auditWords.txt
            • remainWords.txt

package com.eveino.dao.impl;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import org.apache.commons.dbutils.handlers.BeanListHandler;

import com.eveino.dao.UserDao;
import com.eveino.entity.User;
import com.eveino.utils.JdbcUtils;

public class UserDaoImpl implements UserDao {
	private QueryRunner qr = new QueryRunner(JdbcUtils.getDataSource());

	/*
	 * (non-Javadoc)
	 * 
	 * @see com.eveino.dao.UserDao#addUser(com.eveino.entity.User)
	 */
	@Override
	public void addUser(User user) throws SQLException {
		String sql = "insert into user(id,username,password) values(?,?,?)";
		Object[] params = { user.getId(), user.getUsername(), user.getPassword() };
		qr.update(sql, params);
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see com.eveino.dao.UserDao#deleteUser(java.lang.String)
	 */
	@Override
	public void deleteUser(String id) throws SQLException {
		String sql = "delete from user where id=?";
		Object[] params = { id };
		qr.update(sql, params);
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see com.eveino.dao.UserDao#editUser(com.eveino.entity.User)
	 */
	@Override
	public void updateUser(User user) throws SQLException {
		String sql = "update user set username=?,password=? where id=?";
		Object[] params = { user.getUsername(), user.getPassword(), user.getId() };
		qr.update(sql, params);
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see com.eveino.dao.UserDao#findUser(int)
	 */
/*	@Override
	public User findUser(String username) throws SQLException {
		String sql = "select id,username,password from user where username=?";
		Object[] params = { username };
		User user = qr.query(sql, new BeanHandler<User>(User.class), params);
		return user;
	}*/
	
	//sqli vul Demo
	@Override
	public User findUser(String username) throws SQLException {
		Connection conn = JdbcUtils.getConnection();
		String sql = "select id,username,password from user where username="+"'"+username+"'";
		Statement st = conn.createStatement();
		ResultSet rs= st.executeQuery(sql);
		if(rs.next()){
			User user = new User();
			user.setId(rs.getInt("id"));
			user.setPassword(rs.getString("password"));
			user.setUsername(rs.getString("username"));
			return user;
		}
		conn.close();
		return null;
	}

	@Override
	public User findUser(String username, String password) throws SQLException {
		String sql = "select id,username,password from user where username=? and password =?";
		Object[] params = { username, password };
		User user = qr.query(sql, new BeanHandler<User>(User.class), params);
		return user;
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see com.eveino.dao.UserDao#getAll()
	 */
	@Override
	public List<User> getAll() throws SQLException {
		String sql = "select id,username,password from user";
		List<User> list = qr.query(sql, new BeanListHandler<User>(User.class));
		return list;
	}

}