From bafb608f755a0e94d25082662709f0e968923328 Mon Sep 17 00:00:00 2001
From: Adrien de Beaupre
Date: Sun, 26 Mar 2017 11:41:34 -0400
Subject: [PATCH 1/2] Correction of error in code. Line 18 is $js = "function () { var query = '". $ordersearch . "'; return this.id == query;}"; Should be $js = "function () { var query = '". $search . "'; return this.id == query;}";
---
 vuln_apps/orderdata.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vuln_apps/orderdata.php b/vuln_apps/orderdata.php
index 39dfa32..427359f 100644
--- a/vuln_apps/orderdata.php
+++ b/vuln_apps/orderdata.php
@@ -15,7 +15,7 @@
 $db = $conn->shop;
 $collection = $db->orders;
 $search = $_GET['ordersearch'];
- $js = "function () { var query = '". $ordersearch . "'; return this.id == query;}";
+ $js = "function () { var query = '". $search . "'; return this.id == query;}";
 //print $js;
 print '
';
@@ -48,4 +48,4 @@
-
\ No newline at end of file
+
From 598950d06a0c948313d6543cc1996c9aa98c487d Mon Sep 17 00:00:00 2001
From: Adrien de Beaupre
Date: Sun, 26 Mar 2017 11:43:25 -0400
Subject: [PATCH 2/2] Change mongo to localhost Changed the mongoclient to localhost (127.0.0.1) line 14.
---
 vuln_apps/userdata.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vuln_apps/userdata.php b/vuln_apps/userdata.php
index 303fbef..0fc8165 100644
--- a/vuln_apps/userdata.php
+++ b/vuln_apps/userdata.php
@@ -11,7 +11,7 @@
 if (isset($_GET['usersearch']) && !empty($_GET['usersearch'])) {
 try {
 $result = "";
- $conn = new MongoClient('mongodb://192.168.87.157');
+ $conn = new MongoClient('mongodb://127.0.0.1');
 $db = $conn->appUserData;
 $collection = $db->users;
 $search = $_GET['usersearch'];
@@ -47,4 +47,4 @@
-
\ No newline at end of file
+
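Review bot: In vuln_apps/orderdata.php (hunk at line 15) the corrected `$js` line splices `$_GET['ordersearch']` between single quotes inside a JavaScript function string, so the request value becomes part of the code rather than a value compared against `this.id`. The `vuln_apps/` path suggests this is the intended lab behaviour, but nothing in the hunk says so, and how `$js` is consumed lies outside the hunk (presumably a server-side JavaScript query; confirm). I would add a comment above the line, e.g. `// INTENTIONALLY VULNERABLE (training lab): request input is concatenated into server-side JavaScript; do not reuse outside the lab`. For contrast, the comment could name the data-only form `$collection->find(array('id' => (string) $search))`, where the string cast also stops an array-valued parameter from being read as a query operator.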
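Review bot: In vuln_apps/userdata.php (hunk at line 11) the MongoDB address is still a literal inside the `new MongoClient(...)` call, so every environment change needs another source edit like this one. Reading it from the environment with a loopback default would avoid that: `$conn = new MongoClient(getenv('MONGO_URI') ?: 'mongodb://127.0.0.1');`. The URI carries no credentials, so this deliberately vulnerable app relies on mongod itself listening only on loopback; that configuration is outside the hunk and worth stating in a comment beside the call. The `try` block opened in the context lines continues past the hunk, so its error handling is not visible here.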