Merge pull request #1 from Neeraj-007/master

sqli done
akankshar05 · Dec 16, 2021 · 2c05411 · 2c05411
2 parents 49f41eb + 971f174
commit 2c05411
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 84 deletions.
diff --git a/attack.html b/attack.html
diff --git a/extra_ashu/ashu.js b/extra_ashu/ashu.js
diff --git a/index.html b/index.html
@@ -17,7 +17,7 @@
         <div class="form">
             <h2>User Login</h2>
             <form action="/" method="POST">
-                <input type="email" name="username" class="input-field" placeholder="Username" />
+                <input type="text" name="username" class="input-field" placeholder="Username" />
                 <input type="password" name="password" class="input-field" placeholder="Password" />
                 <input type="submit" class="btn" value="LOGIN">
             </form>

diff --git a/login.js b/login.js
@@ -1,6 +1,3 @@
-
-
-
 const mysql = require("mysql");
 const express = require("express");
 var path = require('path')
@@ -9,8 +6,6 @@ const encoder = bodyParser.urlencoded();
 
 const app = express();
 app.use("assests",express.static("assests"));
-// app.use()
-// app.use(express.static(path.join(__dirname, 'assets')));
 
 const connection = mysql.createConnection({
     host: "localhost",
@@ -33,19 +28,33 @@ app.get("/",function(req,res){
 app.post("/",encoder, function(req,res){
     var username = req.body.username;
     var password = req.body.password;
-    var sql = "inesrt into credentials values ?";
-    connection.query("select * from credentials where user_name = ? and user_pass = ?",[username,password],function(error,results,fields){
+
+    var sql = "select * from credentials where user_name ='"+username+"'  and user_pass ='"+password+"'";
+
+
+    // var sql = "inesrt into credentials values ?";
+    console.log(sql);
+
+    connection.query(sql,[username,password],function(error,results,fields){
         if (results.length > 0) {
             console.log("old user");    
+            console.log(sql);
+            console.log(results);
+            console.log(results.length);
             res.redirect("/welcome");
             // console.log("new user");
         } else {
-            // res.redirect("/");
-            console.log("new user");
-            connection.query(sql,['null', username, password], function(err){
-                if (err) throw err
-            })
-            res.redirect("/welcome")
+            res.redirect("/wrong_pswd");
+
+            // var newsql="insert into credentials values('null','"+username+"','"+password+"')"
+            // var newsql="insert into credentials values( null,' "+username+"','"+password+"')"
+            // console.log("new user");
+            // console.log(newsql);
+
+            // connection.query(newsql,[username, password], function(err){
+            //     if (err) throw err
+            // })
+            // res.redirect("/welcome")
         }
         res.end();
     })
@@ -55,6 +64,9 @@ app.post("/",encoder, function(req,res){
 app.get("/welcome",function(req,res){
     res.sendFile(__dirname + "/welcome.html")
 })
+app.get("/wrong_pswd",function(req,res){
+    res.sendFile(__dirname + "/wrong_pswd.html")
+})
 
 
 // set app port 

diff --git a/tempCodeRunnerFile.js b/tempCodeRunnerFile.js
diff --git a/wrong_pswd.html b/wrong_pswd.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>wrong</title>
+</head>
+<body>
+    <h1>WRONG - PASSWORD</h1>
+</body>
+</html>