forked from CSPF-Founder/JavaVulnerableLab
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ForgotPassword.jsp
54 lines (48 loc) · 2.24 KB
/
ForgotPassword.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<%@page import="model.DBConnect"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Connection"%>
<%@ include file="header.jsp" %>
<script type="text/javascript">
$(document).ready(function(){
$("#username").change(function(){
var username = $(this).val();
$.getJSON("UsernameCheck.do","username="+username,function(result)
{
if(result.available==1)
{
$("#status").html("<b style='color:green'>✔</b>");
}
else
{
$("#status").html("<b style='color:red'>✖ username doesn't exist</b>");
}
});
});
});
</script>
Password Recovery:
<form action="ForgotPassword.jsp" method="post">
<table>
<tr><td>Username: </td><td><input type="text" name="username" id="username"/></td><td><span id="status"></span></td></tr>
<tr><td>What's Your Pet's name?: </td><td><input type="text" name="secret" /></td></tr>
<tr><td><input type="submit" name="GetPassword" value="GetPassword"/></td></tr>
</table>
</form><br/>
<%
if(request.getParameter("secret")!=null)
{
Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
ResultSet rs=null;
Statement stmt = con.createStatement();
rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
if(rs != null && rs.next()){
out.print("Hello "+rs.getString("username")+", <b class='success'> Your Password is: "+rs.getString("password"));
}
else
{
out.print("<b class='fail'> Secret/Email is wrong</b>");
}
}
%>
<%@ include file="footer.jsp" %>