This is a list of reports currently notified to Awooga.

Title Links Issues Description Source
How to Create a Secure Login Script in PHP and MySQL Primary link password-inadequate-hashing uncategorised uncategorised uncategorised

There are several strange / awkward things going on in this tutorial, with some scary practices (considering the title is secure login script).

The biggest issue is the incorrect hashing of passwords.

User: github.com/PeeHaa
Test title Primary link sql-injection (fixed) uncategorised uncategorised

My description

<script>var i = 0;</script>

A linky made safe?

Another link, this one should be OK.

User: github.com/halfer
How to Code a Signup Form with Email Confirmation Primary link password-inadequate-hashing deprecated-library

The password hashing uses an inadequate algorithm, and there's no per-user salting either.

User: github.com/halfer
Login Form Using Ajax and jQuery Primary link sql-injection password-clear deprecated-library

Usual complement of SQL injection and unhashed password issues.

Repo: 1
Simple Login using a MySQL database Primary link sql-injection password-clear

SQL injection and unhashed/unsalted user passwords from what looks like an unvetted community coder site. The author has been notified.

Repo: 1
Sending info to a mysql database Primary link sql-injection deprecated-library

The author admits to 'ole trial and error', but nevertheless SQL injection features front and centre. This has been pointed out in the comments, and there is even a promise from the author to fix it, now 2.5 years old.

Repo: 1
Android Login and Registration with PHP, MySQL and SQLite Primary link sql-injection password-inadequate-hashing deprecated-library

Same security issues as a number of Android API tutorials I've seen.

Repo: 1
Android Spinner MySQL Database Using PHP , JSON Download Source code , Android Spinner Example Tutorial Retrieving Database from sql Primary link sql-injection deprecated-library

Uses the legacy database library, and new_category.php contains SQL injection flaws. There appears to be no authentication in front of write operations, so it looks like any user on the web can perform them.

Repo: 1
Android MultiCast Push Notifications using GCM [Greeting App] Primary link sql-injection deprecated-library

An Android tutorial presenting a PHP/MySQL API with legacy library and SQL injection issues.

Repo: 1
PHP Login Script with Session Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
PHP Change Password Script Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
PHP User Authentication with MySQL Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
iOS Login and Signup Screen tutorial : Swift + XCode 6 + iOS 8 + JSON Primary link password-inadequate-hashing

Remarkably, the PHP API code uses parameterisation via the MySQLi engine, and so at first glance is safe with regards to SQL injection. However the self-assembly of the JSON response string is risky, and MD5 is no longer regarded as a suitable hash for password storage.

Repo: 1
PHP AJAX Programming Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
Simple Login with CodeIgniter in PHP Primary link password-inadequate-hashing

A CodeIgniter tutorial that uses MD5 to hash passwords, with no salt.

Repo: 1
Android Push Notifications using Google Cloud Messaging (GCM), PHP and MySQL Primary link sql-injection deprecated-library

Another tutorial site recommending the use of the deprecated MySQL library, and with several SQL injection vulnerabilities in the code. I have let the author know, as usual.

Repo: 1
jQuery Autocomplete Mutiple Fields Using jQuery, Ajax, PHP and MySQL Primary link [ Secondary link ] sql-injection

Two versions of this tutorial. Have contacted the author to let them know about the SQL injection issue in both.

Repo: 1
Demo Facebook like Button Application Using PHP, MySQL, jQuery and Ajax Primary link sql-injection deprecated-library

Uses legacy library, similar SQL injection vulns to other MySQL tutorials on this domain.

Repo: 1
Responsive Quiz Application Using PHP, MySQL, jQuery, Ajax and Twitter Bootstrap Primary link sql-injection deprecated-library

Uses legacy library. Several SQL injection vulnerabilities here.

Repo: 1
Instant Search With Pagination in PHP, MySQL, jQuery and Ajax Primary link [ Secondary link ] sql-injection deprecated-library

Two similar pagination tutorials, both with security vulnerabilities.

Repo: 1