Sql Injection Security Issues #14

Open
senzee1984 opened this issue Jul 9, 2022 · 2 comments

Comments

@senzee1984

Hey, I found a few parameters that are vulnerable to SQL injection.
A list of affected files:
UserDAO.java
Stocks.java
SupplierDAO.java
ProductDAO.java
CustomerDAO.java
ConnectionFactory.java

@senzee1984
Author

senzee1984 commented Jul 9, 2022

In UserDAO.java, multiple parameters such as user, pass, etc. are vulnerable to SQL injection.
PoC: Set the value of parameter 'user' to ' <SQL Query>--
In CustomerDAO.java, multiple parameters such as searchTxt, customercode, etc. are vulnerable to SQL injection.
PoC: Set the value of parameter 'searchTxt' to ' <SQL Query>--
In Stocks.java, parameter productcode is vulnerable to SQL injection.
PoC: Set the value of parameter 'productcode' to ' <SQL Query>--
In SupplierDAO.java, parameter searchTxt is vulnerable to SQL injection.
PoC: Set the value of parameter 'searchTxt' to ' <SQL Query>--
In ProductDAO.java, parameter searchTxt is vulnerable to SQL injection.
PoC: Set the value of parameter 'searchTxt' to ' <SQL Query>--
In ConnectionFactory.java, multiple parameters such as username, password, user, etc. are vulnerable to SQL injection.
PoC: Set the value of parameter 'username' to ' <SQL Query>--
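
The PoC shape in the comment above (`' <SQL Query>--`) only works when the DAO builds its SQL by string concatenation: the leading quote closes the string literal the attacker's value was pasted into, the injected SQL runs, and `--` comments out whatever the original query appended afterwards. The block below is an added example, not code from this repository. It models the reported CustomerDAO `searchTxt` search and the UserDAO `user`/`pass` login in Python against an in-memory SQLite database (the `customers` and `users` tables and their columns are constructed sample data, and the method bodies are assumptions about how a concatenating DAO looks), then shows the bind-parameter form that a pull request would need to apply to every affected DAO method.

```python
"""SQL injection via string concatenation vs. bind parameters.

Added example modelled on the DAO pattern reported in this issue.
Table names, columns and rows are constructed sample data, not the
project's schema.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (customercode TEXT, name TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("C001", "Alice", 100), ("C002", "Bob", 250), ("C003", "Carol", 40)],
    )
    # A second table the search query was never meant to expose.
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return conn


# --- Vulnerable shape (assumed equivalent of the concatenating DAO) ---------

def search_customers_vulnerable(conn, search_txt: str):
    """searchTxt is pasted into the SQL text, so it can rewrite the query."""
    sql = (
        "SELECT customercode, name FROM customers "
        "WHERE name LIKE '%" + search_txt + "%'"
    )
    return conn.execute(sql).fetchall()


def login_vulnerable(conn, user: str, password: str) -> bool:
    """user/pass are concatenated; a quote in `user` ends the literal early."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + user
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


# --- Fixed shape: bind parameters --------------------------------------------

def search_customers_safe(conn, search_txt: str):
    """The driver sends the value out of band; it is data, never SQL text.

    The LIKE wildcards are added to the *value*, not to the query string.
    """
    sql = "SELECT customercode, name FROM customers WHERE name LIKE ?"
    return conn.execute(sql, ("%" + search_txt + "%",)).fetchall()


def login_safe(conn, user: str, password: str) -> bool:
    """Same query, with every user-controlled value bound as a parameter."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (user, password)).fetchone()[0] > 0


# The payload follows the reported PoC shape: quote, injected SQL, `--`.
SEARCH_PAYLOAD = "' UNION SELECT username, password FROM users --"
LOGIN_PAYLOAD = "admin' --"


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the search leaks the users table through a UNION.
    print("vulnerable search:", search_customers_vulnerable(db, SEARCH_PAYLOAD))
    # Bind parameter: the same payload is just a name nobody has.
    print("safe search:     ", search_customers_safe(db, SEARCH_PAYLOAD))
    # Concatenation: `admin' --` comments out the password check.
    print("vulnerable login:", login_vulnerable(db, LOGIN_PAYLOAD, "wrong"))
    print("safe login:      ", login_safe(db, LOGIN_PAYLOAD, "wrong"))
```

In the concatenated search the resulting SQL is `... WHERE name LIKE '%' UNION SELECT username, password FROM users --%'`, so the attacker's UNION runs and the dangling `%'` is discarded as a comment; the login payload produces `... WHERE username = 'admin' --' AND password = 'wrong'`, which never evaluates the password at all. With bind parameters the identical strings match nothing, because the database receives them as values rather than as part of the statement. The Java equivalent of the fixed shape is `PreparedStatement` with `setString` for each `?`, applied to every method listed in the comment rather than to one representative.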

@sazanrjb
Owner

sazanrjb commented Jul 9, 2022

> Hey, I find few parameters are vulnerable to SQL injection vulnerability.
> A list of affected files:
> UserDAO.java
> Stocks.java
> SupplierDAO.java
> ProductDAO.java
> CustomerDAO.java
> ConnectionFactory.java

Hey, thanks for finding the time to read through and open the issue.

Since I do not maintain this project anymore, it would be great if you could open a pull request with necessary changes.
