Lori is creating a login page using Java on one of her websites with the following code. What
vulnerability or issue is the code susceptible to?
conn = pool.getConnection();
// The query text is built by concatenating the submitted username and password
String sql = "select * from user where username='" + username + "' and password='" + password + "'";
stmt = conn.createStatement();
rs = stmt.executeQuery(sql);
if (rs.next())
{
    loggedIn = true;
    out.println("Successfully logged in");
}
else
{
    out.println("Username and/or password not valid");
}
A. SQL injection
B. Directory traversal
C. SQL slamming
D. Query string manipulation
Explanation: