Title | Links | Issues | Description | Source |
---|---|---|---|---|
PHP Change Password Script | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
Simple Login using a MySQL database | Primary link | sql-injection password-clear | SQL injection and unhashed/unsalted user passwords from what looks like an unvetted community coder site. The author has been notified. | Repo: 1 |
Android MultiCast Push Notifications using GCM [Greeting App] | Primary link | sql-injection deprecated-library | An Android tutorial presenting a PHP/MySQL API with legacy library and SQL injection issues. | Repo: 1 |
Develop a Complete Android Login Registration System with PHP, MySQL | Primary link | sql-injection password-inadequate-hashing deprecated-library | The usual SQL injection flaws in this one; the author has been notified. Also, the password hashing isn't strong enough. Looks like the login can be bypassed by changing the target user's password. | Repo: 1 |
Tutorial Make a Simple Website E-Commerce with PHP MySql and Bootstrap | Primary link | sql-injection | The problem here is the zipfile, which contains SQL injection flaws. I've let the author know, to no avail. | Repo: 1 |
Login Form Using Ajax and jQuery | Primary link | sql-injection password-clear deprecated-library | Usual complement of SQL injection and unhashed password issues. | Repo: 1 |
PHP Login Script with Session | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
Youtube like rating script jquery php | Primary link | sql-injection deprecated-library variable-injection | It's worth disabling JavaScript for this site - the whole page uses JavaScript to redirect to an advertiser's site. PHP code features variable as well as SQL injection. Have contacted the author, and the author has undertaken to fix it. | Repo: 1 |
Demo Facebook like Button Application Using PHP, MySQL, jQuery and Ajax | Primary link | sql-injection deprecated-library | Uses legacy library, similar SQL injection vulns to other MySQL tutorials on this domain. | Repo: 1 |
Android Push Notifications using Google Cloud Messaging (GCM), PHP and MySQL | Primary link | sql-injection deprecated-library | Another tutorial site recommending the use of the deprecated MySQL library, and with several SQL injection vulnerabilities in the code. I have let the author know, as usual. | Repo: 1 |
Implement MySQL-based transactions with a new set of PHP extensions | Primary link | sql-injection | Uses modern MySQLi library, but no parameterisation - vulnerable to SQL injections. Tweeted to publisher to no avail. | Repo: 1 |
PHP and MySQL Tutorial | Primary link | sql-injection deprecated-library sql-needs-parameterisation | A variety of issues with the chapters here. Some seem to be proofed against SQL injection, but nevertheless need parameterisation; others (e.g. Deleting Data from MySQL Database, Updating Data into MySQL Database) contain straightforward SQL injection vulns. Have tweeted to author, received no reply. | Repo: 1 |
Sending info to a mysql database | Primary link | sql-injection deprecated-library | The author admits to 'ole trial and error', but nevertheless SQL injection features front and centre. This has been pointed out in the comments, and there is even a promise from the author to fix it, now 2.5 years old. | Repo: 1 |
jQuery Autocomplete Mutiple Fields Using jQuery, Ajax, PHP and MySQL | Primary link [ Secondary link ] | sql-injection | Two versions of this tutorial. Have contacted the author to let them know about the SQL injection issue in both. | Repo: 1 |
Responsive Quiz Application Using PHP, MySQL, jQuery, Ajax and Twitter Bootstrap | Primary link | sql-injection deprecated-library | Uses legacy library. Several SQL injection vulnerabilities here. | Repo: 1 |
PHP AJAX Programming | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
PHP User Authentication with MySQL | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
Android PHP/MYSQL Tutorial | Primary link | sql-injection password-clear sql-needs-parameterisation | SQL injection issues, despite using mysqli. Also incorrectly advocates for the use of plain text in a password storage system. Have contacted the author to ask for improvements. | Repo: 1 |
Android Spinner MySQL Database Using PHP , JSON Download Source code , Android Spinner Example Tutorial Retrieving Database from sql | Primary link | sql-injection deprecated-library | Uses the legacy database library, and new_category.php contains SQL injection flaws. There appears to be no authentication in front of write operations, so it looks like any user on the web can perform them. | Repo: 1 |
Simple registration form in PHP and MYSQL | Primary link | sql-injection password-clear deprecated-library | Have contacted author about SQL injection, received no response. Also features plain-text passwords. | Repo: 1 |