In the following code, which is the location of vulnerability?
1 String username = req.getParameter("loginID");
2 String password = req.getParameter("loginPassword");
3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?";
4 pstmt = con.prepareStatement(sql);
5 pstmt.setString(1,username);
6 pstmt.setString(2,password);
7 pstmt.execute();
8 user = pstmt.getResultSet();
9 if(user!=null)
10 {
11 while (user.next())
12 {
13 userInfo.add(user.getString(1));
14 }
15 }
16 else
17 {
18 log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password);
19 }
Reveal answer
Fill a bubble to check yourself