malware.yaml

.github/dependabot1.yml

@@ -0,0 +1,12 @@
+name: Sample CI
+
+on:
+  push:
+    branches: [main]  # You can adjust the branch if needed
+
+jobs:
+  sample-ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Print success message
+        run: echo "Sample CI workflow passed successfully!"

rahi.js

@@ -0,0 +1,32 @@
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+public class VulnerableCode {
+
+    public static void main(String[] args) {
+        String username = "maliciousUser'; DROP TABLE users;";
+        String password = "password";
+
+        try {
+            Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/mydb", "root", "root");
+            String sql = "SELECT * FROM users WHERE username = ? AND password = ?";
+            PreparedStatement statement = conn.prepareStatement(sql);
+            statement.setString(1, username);
+            statement.setString(2, password);
+            ResultSet resultSet = statement.executeQuery();
+
+            while (resultSet.next()) {
+                System.out.println("Logged in as: " + resultSet.getString("username"));
+            }
+
+            resultSet.close();
+            statement.close();
+            conn.close();
+        } catch (SQLException e) {
+            e.printStackTrace();
+        }
+    }
+}

test.py

@@ -0,0 +1 @@
+dfdsfdfdf

v.py

@@ -0,0 +1,11 @@
+import os
+
+def insecure_file_access(filename):
+    if filename.endswith(".txt"):
+        with open(filename, "r") as file:
+            content = file.read()
+            print("File contents:", content)
+
+if __name__ == "__main__":
+    user_input = input("Enter a file name: ")
+    insecure_file_access(user_input)