  1. +-----------+----+--------+
  2. | userName | id | pass |
  3. +-----------+----+--------+
  4. | admin | 1 | admin |
  5. | user | 2 | pass |
  6. | chuchelo | 3 | elli |
  7. +-----------+----+--------+
(Demo data only: the `pass` column holds the plain-text password, which is what the printed rows below rely on. A real application stores a salted password hash (bcrypt/scrypt/argon2) and never selects or prints that column.)
  8.  
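/**
 * Reads a user name and a password from standard input into the package-private
 * fields {@code name} and {@code pass}.
 *
 * <p>Defect fixed versus the original: the original closed the BufferedReader in a
 * {@code finally} block, which closes the underlying {@code System.in}; any later
 * read from standard input in the same process (a second {@code login()} call, for
 * example) would then fail. The reader is now left open on purpose.
 *
 * <p>Security notes, unchanged here to keep the demo small: the password is kept in a
 * {@code String} (immutable, lingers in the heap until GC) where a {@code char[]} that
 * is zeroed after use would be preferable, and the reader uses the platform default
 * charset because no charset is specified — TODO confirm whether the callers rely on
 * the platform default before switching to UTF-8.
 */
class UserLogin {
    String name;
    String pass;

    public UserLogin() {
    }

    /**
     * Prompts for and reads the user name, then the password, one line each.
     * On an I/O failure the stack trace is printed and whichever field had not
     * been read yet stays at its previous value.
     */
    public void login() {
        // Deliberately not closed: closing this reader would close System.in.
        BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
        try {
            System.out.println("user name: ");
            name = stdin.readLine();

            System.out.println("pass: ");
            pass = stdin.readLine();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}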
  37.  
// INTENTIONALLY VULNERABLE — this is the "before" half of the demonstration.
// The user-supplied name and password are spliced straight into the SQL text, so a
// single quote in either field changes the structure of the query (CWE-89). The
// transcript below shows `admin' or'1'='1` returning the admin row although the
// password given was wrong. Do not copy this; the PreparedStatement version further
// down on this page is the fix.
UserLogin user = new UserLogin();
user.login();
try (Connection connect = MyConnection.getConnection()){
// Statement and the ResultSet below are never closed; in real code wrap them in
// try-with-resources as well.
Statement statement = connect.createStatement();
// String-built SQL: neither input is validated, escaped or bound as a parameter.
String query = "SELECT userName, id, pass FROM users WHERE userName='" + user.name + "' AND pass = '" + user.pass + "'";
// Echoing the assembled query also writes the submitted password to stdout / any log.
System.out.println(query);
ResultSet resultSet = statement.executeQuery(query);

while (resultSet.next()){
// Prints the stored (plain-text) password. As pasted the format ends in "%sn", which
// prints a literal 'n'; the transcript shows a line break, so a backslash was most
// likely lost in the paste — `%n` is the portable form.
System.out.printf("User: id=%d name=%s pass=%sn",
resultSet.getInt("id"),
resultSet.getString("userName"),
resultSet.getString("pass"));
}
// NOTE(review): the try-with-resources already closes `connect`; whether closeConnect()
// closes the same connection again is not visible here — confirm in MyConnection.
MyConnection.closeConnect();
} catch (SQLException e) {
e.printStackTrace();
}
  56.  
  57. user name: admin
  58. pass: admin
  59.  
  60. User: id=1 name=admin pass=admin
  61.  
  62. SELECT userName, id, pass FROM users WHERE userName='admin' AND pass = 'admin'
  63.  
  64. user name: admin' or'1'='1
  65. pass: blabla
  66.  
  67. User: id=1 name=admin pass=admin
  68.  
  69. SELECT userName, id, pass FROM users WHERE userName='admin' or'1'='1' AND pass = 'blabla'
Why this works: in SQL, AND binds tighter than OR, so the WHERE clause reads as userName='admin' OR ('1'='1' AND pass='blabla'). The admin row satisfies the first disjunct on its own, so the password comparison is never reached — the wrong password 'blabla' still yields the admin row.
  70.  
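// Safe version of the lookup above: the query text is fixed and the user-supplied
// values are bound as parameters, so a quote inside the name or password is data,
// not SQL (CWE-89 addressed). Improvements over the pasted version: the
// PreparedStatement and ResultSet are closed via try-with-resources instead of being
// leaked, and the output format uses %n (the pasted "%sn" printed a literal 'n',
// most likely a backslash lost in the paste).
UserLogin user = new UserLogin();
user.login();
try (Connection connect = MyConnection.getConnection()) {
    String query = "SELECT userName, id, pass FROM users WHERE userName=? AND pass=?";
    try (PreparedStatement statement = connect.prepareStatement(query)) {
        // Values are sent to the driver separately from the query text.
        statement.setString(1, user.name);
        statement.setString(2, user.pass);
        // toString() of a PreparedStatement is driver-specific; some drivers render the
        // bound values (including the password) for display. Kept for the demo only —
        // never echo this in real code.
        System.out.println(statement);
        try (ResultSet resultSet = statement.executeQuery()) {
            while (resultSet.next()) {
                // Demo schema stores and prints the plain-text password; a real system
                // keeps a salted hash and never selects or prints it.
                System.out.printf("User: id=%d name=%s pass=%s%n",
                        resultSet.getInt("id"),
                        resultSet.getString("userName"),
                        resultSet.getString("pass"));
            }
        }
    }
    // NOTE(review): `connect` is also closed by the try-with-resources; whether
    // closeConnect() closes the same connection is not visible here — confirm in MyConnection.
    MyConnection.closeConnect();
} catch (SQLException e) {
    e.printStackTrace();
}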
  91.  
  92. user name: user
  93. pass: pass
  94. User: id=2 name=user pass=pass
  95. Query:
  96. SELECT userName, id, pass FROM users WHERE userName='user' AND pass='pass'
  97.  
  98. user name: user' or'1'='1
  99. pass: inject
  100.  
  101. SELECT userName, id, pass FROM users WHERE userName='user' or'1'='1' AND pass='inject'
No "User:" line is printed this time: the whole string user' or'1'='1 was bound as the value of the first parameter, so the database compared userName against that literal text (which matches no row) instead of parsing the quote as SQL. The line above is only the driver's display rendering of the statement with its bound values, not what the database parsed.