This is information about a single report in the Awooga system.

If you are the author of the referenced work, please note that it appears here because it has been judged to contain serious errors, usually of a security nature. Please read the introductory notes on the home page.

Youtube like rating script jquery php

URLs http://www.amitpatil.me/youtube-like-rating-script-jquery-php/
Issues sql-injection Unresolved

The $item variable can be used in a POST op to inject arbitrary SQL into a database query

deprecated-library Unresolved (No comments added)
variable-injection Unresolved

The use of extract() to create variables from unfiltered user input is risky, since it can have malicious uses

Description

It's worth disabling JavaScript for this site - the whole page uses JavaScript to redirect to an advertiser's site. PHP code features variable as well as SQL injection. Have contacted the author, and the author has undertaken to fix it.

Source Repo: 1
Author notified? Yes, on 2014-10-24
Created at: 2015-01-15 15:56:47 • Last updated at: 2017-03-28 16:10:07