This is a list of reports currently notified to Awooga.

Title Links Issues Description Source
iOS Login and Signup Screen tutorial : Swift + XCode 6 + iOS 8 + JSON Primary link password-inadequate-hashing

Remarkably, the PHP API code uses parameterisation via the MySQLi engine, and so at first glance is safe with regards to SQL injection. However the self-assembly of the JSON response string is risky, and MD5 is no longer regarded as a suitable hash for password storage.

Repo: 1
PHP Change Password Script Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
Dynamic Star Rating with PHP and jQuery Primary link sql-injection deprecated-library

A site with a large number of vulnerable scripts, including many that are live on the author's own server.

Repo: 1
Simple Login using a MySQL database Primary link sql-injection password-clear

SQL injection and unhashed/unsalted user passwords from what looks like an unvetted community coder site. The author has been notified.

Repo: 1
Create secure login script in PHP Primary link password-clear deprecated-library sql-needs-parameterisation

Tweeted to author about library and parameterisation, and about hashing, but received no response.

Repo: 1
Creating a Login System in PHP (Tutorial) Primary link [ Secondary link ] password-clear sql-needs-parameterisation

Tweeted to author, received no response.

Repo: 1
Android MultiCast Push Notifications using GCM [Greeting App] Primary link sql-injection deprecated-library

An Android tutorial presenting a PHP/MySQL API with legacy library and SQL injection issues.

Repo: 1
Develop a Complete Android Login Registration System with PHP, MySQL Primary link sql-injection password-inadequate-hashing deprecated-library

The usual SQL injection flaws in this one, the author has been notified. Also, the password hashing isn't strong enough. Looks like the login can be bypassed by changing the target user's password

Repo: 1
Tutorial Make a Simple Website E-Commerce with PHP MySql and Bootstrap Primary link sql-injection

The problem here is the zipfile, which contains SQL injection flaws. I've let the author know, to no avail.

Repo: 1
Login Form Using Ajax and jQuery Primary link sql-injection password-clear deprecated-library

Usual complement of SQL injection and unhashed password issues.

Repo: 1
Android Login and Registration with PHP, MySQL and SQLite Primary link sql-injection password-inadequate-hashing deprecated-library

Same security issues as a number of Android API tutorials I've seen.

Repo: 1
PHP Login Script with Session Primary link sql-injection password-clear deprecated-library

A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text.

Repo: 1
Youtube like rating script jquery php Primary link sql-injection deprecated-library variable-injection

It's worth disabling JavaScript for this site - the whole page uses JavaScript to redirect to an advertiser's site. PHP code features variable as well as SQL injection. Have contacted the author, and the author has undertaken to fix it.

Repo: 1
Demo Facebook like Button Application Using PHP, MySQL, jQuery and Ajax Primary link sql-injection deprecated-library

Uses legacy library, similar SQL injection vulns to other MySQL tutorials on this domain.

Repo: 1
Live Username Availability Check using PHP and jQuery AJAX Primary link sql-injection deprecated-library

A site with a large number of vulnerable scripts, including many that are live on the author's own server.

Repo: 1
Facebook Style Like Unlike using PHP jQuery Primary link sql-injection deprecated-library

A site with a large number of vulnerable scripts, including many that are live on the author's own server.

Repo: 1
Android Push Notifications using Google Cloud Messaging (GCM), PHP and MySQL Primary link sql-injection deprecated-library

Another tutorial site recommending the use of the deprecated MySQL library, and with several SQL injection vulnerabilities in the code. I have let the author know, as usual.

Repo: 1
Implement MySQL-based transactions with a new set of PHP extensions Primary link sql-injection

Uses modern MySQLi library, but no parameterisation - vulnerable to SQL injections. Tweeted to publisher to no avail.

Repo: 1
PHP CRUD with Search and Pagination using jQuery AJAX Primary link sql-injection deprecated-library

A site with a large number of vulnerable scripts, including many that are live on the author's own server.

Repo: 1
PHP Voting System with jQuery AJAX Primary link sql-injection deprecated-library

A site with a large number of vulnerable scripts, including many that are live on the author's own server.

Repo: 1
1 2