- SQL injection possible
- binary result returned -> blind SQL injection possible (brute-forcing for values)
- execute 2312.sh
- The Java application is completely overkill for this task; I hope this one is sufficient, as it gets the task done.
- user can be supplied as a command line parameter, like
  ./2312.sh Franziska Knobel
- user defaults to Franziska Knobel
- Email of Franziska Knobel is
  hacker30@hack.er
- escape (sanitize) the user input
- use prepared statements
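Added example, not part of these notes and not code from 2312.sh or the Java application: a small Python/sqlite3 model of the name-to-email lookup that puts the concatenated query beside its prepared-statement version. The table, column names and the second user row are constructed for the demo; the Franziska Knobel / hacker30@hack.er pair is the one from the notes. It shows why the second mitigation above is the stronger one: with bound parameters the input is never parsed as SQL, so both a legitimate name containing an apostrophe and a tautology payload are treated as plain data.

```python
import sqlite3

# Constructed sample data for the demo. The first row is the pair from the notes,
# the second row is made up.
SAMPLE_USERS = [
    ("Franziska", "Knobel", "hacker30@hack.er"),
    ("Max", "Mustermann", "max@example.invalid"),
]


def make_db():
    """Create an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (firstname TEXT, lastname TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_email_vulnerable(conn, firstname, lastname):
    """Query text built by string concatenation (the injectable pattern).

    A quote inside the input closes the string literal, and whatever follows
    is parsed as SQL. A legitimate name such as O'Neil already breaks the query.
    """
    sql = (
        "SELECT email FROM users WHERE firstname = '" + firstname
        + "' AND lastname = '" + lastname + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_email_prepared(conn, firstname, lastname):
    """Same lookup with bound parameters (prepared statement).

    The SQL text is fixed; the driver passes the values separately, so they can
    never change the structure of the statement.
    """
    sql = "SELECT email FROM users WHERE firstname = ? AND lastname = ?"
    return [row[0] for row in conn.execute(sql, (firstname, lastname))]


def demo():
    """Run three inputs through both lookups and collect the results side by side."""
    conn = make_db()
    cases = {
        "honest": ("Franziska", "Knobel"),
        "apostrophe": ("Shaun", "O'Neil"),           # legitimate name containing a quote
        "injection": ("Franziska", "x' OR '1'='1"),  # textbook tautology payload
    }
    results = {}
    for name, (first, last) in cases.items():
        try:
            results["vulnerable_" + name] = lookup_email_vulnerable(conn, first, last)
        except sqlite3.Error as exc:
            # The concatenated query is no longer valid SQL; record the error type.
            results["vulnerable_" + name] = type(exc).__name__
        results["prepared_" + name] = lookup_email_prepared(conn, first, last)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:24} {value}")
```

Running it shows the honest lookup returning the same single email from both functions, the apostrophe case raising a syntax error in the concatenated version while the prepared version simply returns no row, and the tautology returning every email from the concatenated version but nothing from the prepared one. Escaping the input (the first mitigation) has to get every quoting rule of the target database right; binding parameters sidesteps the problem entirely.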