From 971f174774550a8d47f125c16bc51834697d097f Mon Sep 17 00:00:00 2001
From: Neeraj
Date: Thu, 16 Dec 2021 18:32:12 +0530
Subject: [PATCH] sqli done
---
 attack.html | 0
 extra_ashu/ashu.js | 67 -------------------------------------------
 index.html | 2 +-
 login.js | 38 +++++++++++++++---------
 tempCodeRunnerFile.js | 3 --
 wrong_pswd.html | 12 ++++++++
 6 files changed, 38 insertions(+), 84 deletions(-)
 create mode 100644 attack.html
 delete mode 100644 extra_ashu/ashu.js
 delete mode 100644 tempCodeRunnerFile.js
 create mode 100644 wrong_pswd.html
diff --git a/attack.html b/attack.html
new file mode 100644
index 0000000..e69de29
diff --git a/extra_ashu/ashu.js b/extra_ashu/ashu.js
deleted file mode 100644
index a7679cd..0000000
--- a/extra_ashu/ashu.js
+++ /dev/null
@@ -1,67 +0,0 @@
-const mysql = require("mysql");
-const express = require("express");
-const bodyParser = require("body-parser");
-const { json } = require("body-parser");
-const encoder = bodyParser.urlencoded();
-
-const app = express();
-app.use("/assets",express.static("assets"));
-
-function myMiddleware(req, res, next) {
-}
-
-app.use(encoder)
-
-const connection = mysql.createConnection({
- host: "localhost",
- user: "mysql",
- password: "mysql",
- database: "server"
-});
-
-// connect to the database
-connection.connect(function(error){
- if (error) throw error
- else console.log("connected to the database successfully!")
-});
-
-
-app.get("/",function(req,res){
- res.sendFile(__dirname + "/index.html");
-})
-
-app.post("/", myMiddleware, function(req,res){
- var username = req.body.username;
- var password = req.body.password;
-
- connection.query("select * from loginuser where user_name = ? and user_pass = ?",[username,password],function(error,results,fields){
- if (results.length > 0) {
- res.redirect("/welcome");
- } else {
- res.redirect("/");
- }
- res.end();
- })
-})
-
-function protected(req, res, next) {
- var loggedIn = false;
- if (loggedIn) next()
- res.send('User not authorized')
-}
-
-// // when login is success
-app.get("/welcome", protected, function(req,res){
- // res.sendFile(__dirname + "/welcome.html")
- res.send('protected route')
-})
-
-
-// set app port
-
-app.get('/api/data', (req, res) => {
- console.log(req);
- res.end('done')
-})
-
-app.listen(4000);
\ No newline at end of file
diff --git a/index.html b/index.html
index e94e59f..85fedde 100644
--- a/index.html
+++ b/index.html
@@ -17,7 +17,7 @@

User Login

- +
diff --git a/login.js b/login.js
index da6dd7a..53125f9 100644
--- a/login.js
+++ b/login.js
@@ -1,6 +1,3 @@
-
-
-
 const mysql = require("mysql");
 const express = require("express");
 var path = require('path')
@@ -9,8 +6,6 @@ const encoder = bodyParser.urlencoded();
 const app = express();
 app.use("assests",express.static("assests"));
-// app.use()
-// app.use(express.static(path.join(__dirname, 'assets')));
 const connection = mysql.createConnection({
 host: "localhost",
@@ -33,19 +28,33 @@ app.get("/",function(req,res){
 app.post("/",encoder, function(req,res){
 var username = req.body.username;
 var password = req.body.password;
- var sql = "inesrt into credentials values ?";
- connection.query("select * from credentials where user_name = ? and user_pass = ?",[username,password],function(error,results,fields){
+
+ var sql = "select * from credentials where user_name ='"+username+"' and user_pass ='"+password+"'";
+
+
+ // var sql = "inesrt into credentials values ?";
+ console.log(sql);
+
+ connection.query(sql,[username,password],function(error,results,fields){
 if (results.length > 0) {
 console.log("old user");
+ console.log(sql);
+ console.log(results);
+ console.log(results.length);
 res.redirect("/welcome");
 // console.log("new user");
 } else {
- // res.redirect("/");
- console.log("new user");
- connection.query(sql,['null', username, password], function(err){
- if (err) throw err
- })
- res.redirect("/welcome")
+ res.redirect("/wrong_pswd");
+
+ // var newsql="insert into credentials values('null','"+username+"','"+password+"')"
+ // var newsql="insert into credentials values( null,' "+username+"','"+password+"')"
+ // console.log("new user");
+ // console.log(newsql);
+
+ // connection.query(newsql,[username, password], function(err){
+ // if (err) throw err
+ // })
+ // res.redirect("/welcome")
 }
 res.end();
 })
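Review bot: The added `var sql = "select * from credentials where user_name ='"+username+"' ...` line in the `app.post("/")` hunk builds the login query by concatenating `req.body.username` and `req.body.password`, which makes the handler injectable, and the `[username,password]` array still passed to `connection.query(sql, ...)` binds to nothing because the string has no `?` placeholders. Unless the injectable query is the deliberate point of a demo (the subject line hints at that, in which case a comment above the line should say so and the app should stay off any shared host), keep the bound form from the removed side: `connection.query("select * from credentials where user_name = ? and user_pass = ?",[username,password],function(error,results,fields){`. The callback also reads `results.length` without looking at `error`, so a query that fails leaves `results` undefined and throws inside the handler; a guard such as `if (error) { console.error(error.code); res.redirect("/wrong_pswd"); return; }` at the top of the callback avoids that. The new `console.log(sql)` and `console.log(results)` calls write the submitted password and the matched credential rows to the process log and should be dropped. The equality test on `user_pass` suggests passwords are stored in plaintext, which would be better replaced by a salted-hash comparison, though the schema is not visible in this hunk.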
@@ -55,6 +64,9 @@ app.post("/",encoder, function(req,res){
 app.get("/welcome",function(req,res){
 res.sendFile(__dirname + "/welcome.html")
 })
+app.get("/wrong_pswd",function(req,res){
+ res.sendFile(__dirname + "/wrong_pswd.html")
+})
 // set app port
diff --git a/tempCodeRunnerFile.js b/tempCodeRunnerFile.js
deleted file mode 100644
index 7f0c14b..0000000
--- a/tempCodeRunnerFile.js
+++ /dev/null
@@ -1,3 +0,0 @@
-app.get("/welcome",function(req,res){
-// res.sendFile(__dirname + "/welcome.html")
-// })
\ No newline at end of file
diff --git a/wrong_pswd.html b/wrong_pswd.html
new file mode 100644
index 0000000..235a25b
--- /dev/null
+++ b/wrong_pswd.html
@@ -0,0 +1,12 @@
+ + + + + + + wrong + + +

WRONG - PASSWORD

+ + \ No newline at end of file