Search

Examples: keyword, tutorial title (use quotes), domain, full address, specific issue.

35 results

Title Links Issues Description Source
Login Form Using Ajax and jQuery Primary link sql-injection password-clear deprecated-library

Usual complement of SQL injection and unhashed password issues.

Repo: 1
Simple Login using a MySQL database Primary link sql-injection password-clear

SQL injection and unhashed/unsalted user passwords from what looks like an unvetted community coder site. The author has been notified.

Repo: 1
Sending info to a mysql database Primary link sql-injection deprecated-library

The author admits to 'ole trial and error', but nevertheless SQL injection features front and centre. This has been pointed out in the comments, and there is even a promise from the author to fix it, now 2.5 years old.

Repo: 1
Android Spinner MySQL Database Using PHP , JSON Download Source code , Android Spinner Example Tutorial Retrieving Database from sql Primary link sql-injection deprecated-library

Uses a the legacy database library, and new_category.php contains SQL injection flaws. There appears to be no authentication in front of write operations, so it looks like any user on the web can perform them.

Repo: 1
Android MultiCast Push Notifications using GCM [Greeting App] Primary link sql-injection deprecated-library

An Android tutorial presenting a PHP/MySQL API with legacy library and SQL injection issues.

Repo: 1
PHP Login Script with Session Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
PHP Change Password Script Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
PHP User Authentication with MySQL Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
PHP AJAX Programming Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
Android Push Notifications using Google Cloud Messaging (GCM), PHP and MySQL Primary link sql-injection deprecated-library

Another tutorial site recommending the use of the deprecated MySQL library, and with several SQL injection vulnerabilities in the code. I have let the author know, as usual.

Repo: 1
jQuery Autocomplete Mutiple Fields Using jQuery, Ajax, PHP and MySQL Primary link [ Secondary link ] sql-injection

Two versions of this tutorial. Have contacted the author to let them know about the SQL injection issue in both.

Repo: 1
Demo Facebook like Button Application Using PHP, MySQL, jQuery and Ajax Primary link sql-injection deprecated-library

Uses legacy library, similar SQL injection vulns to other MySQL tutorials on this domain.

Repo: 1
Responsive Quiz Application Using PHP, MySQL, jQuery, Ajax and Twitter Bootstrap Primary link sql-injection deprecated-library

Uses legacy library. Several SQL injection vulnerabilities here.

Repo: 1
Develop a Complete Android Login Registration System with PHP, MySQL Primary link sql-injection password-inadequate-hashing deprecated-library

The usual SQL injection flaws in this one, the author has been notified. Also, the password hashing isn't strong enough. Looks like the login can be bypassed by changing the target user's password

Repo: 1
Implement MySQL-based transactions with a new set of PHP extensions Primary link sql-injection

Uses modern MySQLi library, but no parameterisation - vulnerable to SQL injections. Tweeted to publisher to no avail.

Repo: 1
Youtube like rating script jquery php Primary link sql-injection deprecated-library variable-injection

It's worth disabling JavaScript for this site - the whole page uses JavaScript to redirect to an advertiser's site. PHP code features variable as well as SQL injection. Have contacted the author, and the author has undertaken to fix it.

Repo: 1
Simple registration form in PHP and MYSQL Primary link sql-injection password-clear deprecated-library

Have contacted author about SQL injection, received no response. Also features plain-text passwords.

Repo: 1
PHP and MySQL Tutorial Primary link sql-injection deprecated-library sql-needs-parameterisation

A variety of issues with the chapters here. Some seem to be proofed against SQL injection, but nevertheless need parameterisation, others (e.g. Deleting Data from MySQL Database, Updating Data into MySQL Database) contain straightforward SQL injection vulns. Have tweeted to author, recceived no reply.

Repo: 1
Tutorial Make a Simple Website E-Commerce with PHP MySql and Bootstrap Primary link sql-injection

The problem here is the zipfile, which contains SQL injection flaws. I've let the author know, to no avail.

Repo: 1
Android PHP/MYSQL Tutorial Primary link sql-injection password-clear sql-needs-parameterisation

SQL injection issues, despite using mysqli. Also incorrectly advocates for the use of plain text in a password storage system. Have contacted the author to ask for improvements.

Repo: 1
1 2