cx-sam-headrick · cx-sam-headrick · Sep 17, 2024 · Oct 9, 2024
diff --git a/src/main/webapp/ForgotPassword.jsp b/src/main/webapp/ForgotPassword.jsp
@@ -39,7 +39,7 @@ if(request.getParameter("secret")!=null)
                  Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties"));
                   ResultSet rs=null;
                   Statement stmt = con.createStatement();  
-                  rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
+                  //rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'");
                   if(rs != null && rs.next()){
                       out.print("Hello "+rs.getString("username")+", <b class='success'> Your Password is: "+rs.getString("password"));
                   }
@@ -51,4 +51,4 @@ if(request.getParameter("secret")!=null)
 
 %>
 
-  <%@ include file="footer.jsp" %>
+  <%@ include file="footer.jsp" %>
diff --git a/src/main/webapp/changeCardDetails.jsp b/src/main/webapp/changeCardDetails.jsp
@@ -40,7 +40,7 @@ if(session.getAttribute("isLoggedIn")!=null)
         if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals(""))
         {
          Statement stmt = con.createStatement();
-         stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
+         //stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')");
          out.print("<b style='color:green'> * Card details added *</b>");   
         }
         else
@@ -67,4 +67,4 @@ else
   <!-- CSRF  -->
 <!-- Insecure Direct Object Reference 2 -->
 
- <%@ include file="/footer.jsp" %>
+ <%@ include file="/footer.jsp" %>