diff --git a/pre-registration/vulnerable.java b/pre-registration/vulnerable.java new file mode 100644 index 0000000000..2a4591ec63 --- /dev/null +++ b/pre-registration/vulnerable.java @@ -0,0 +1,36 @@ +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.ResultSet; +import java.sql.Statement; +import java.security.MessageDigest; +import java.util.Base64; + +public class VulnerableCode { + public static void main(String[] args) { + // Simulated malicious input for SQL Injection + String userInput = "admin' OR '1'='1"; + + try { + // Vulnerable SQL Query + Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password"); + Statement statement = connection.createStatement(); + String query = "SELECT * FROM users WHERE username = '" + userInput + "'"; + ResultSet resultSet = statement.executeQuery(query); + + // Print the results + while (resultSet.next()) { + System.out.println("User: " + resultSet.getString("username")); + } + + // Insecure Cryptography Example: MD5 for hashing passwords + String password = "supersecretpassword"; + MessageDigest md = MessageDigest.getInstance("MD5"); // MD5 is cryptographically broken + byte[] hash = md.digest(password.getBytes()); + System.out.println("MD5 Hash of password: " + Base64.getEncoder().encodeToString(hash)); + + connection.close(); + } catch (Exception e) { + e.printStackTrace(); + } + } +}