This is a list of reports currently notified to Awooga.
| Title | Links | Issues | Description | Source |
|---|---|---|---|---|
| PHP and MySQL Tutorial | Primary link | sql-injection deprecated-library sql-needs-parameterisation | A variety of issues with the chapters here. Some seem to be proofed against SQL injection but nevertheless need parameterisation; others (e.g. Deleting Data from MySQL Database, Updating Data into MySQL Database) contain straightforward SQL injection vulns. Have tweeted the author; received no reply. | Repo: 1 |
| Sending info to a mysql database | Primary link | sql-injection deprecated-library | The author admits to 'ole trial and error', but nevertheless SQL injection features front and centre. This has been pointed out in the comments, and there is even a promise from the author to fix it, now 2.5 years old. | Repo: 1 |
| jQuery Autocomplete Mutiple Fields Using jQuery, Ajax, PHP and MySQL | Primary link [ Secondary link ] | sql-injection | Two versions of this tutorial. Have contacted the author to let them know about the SQL injection issue in both. | Repo: 1 |
| Instant Search With Pagination in PHP, MySQL, jQuery and Ajax | Primary link [ Secondary link ] | sql-injection deprecated-library | Two similar pagination tutorials, both with security vulnerabilities. | Repo: 1 |
| Responsive Quiz Application Using PHP, MySQL, jQuery, Ajax and Twitter Bootstrap | Primary link | sql-injection deprecated-library | Uses the legacy database library. Several SQL injection vulnerabilities here. | Repo: 1 |
| Dynamic Content Load using jQuery AJAX | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
| PHP AJAX Programming | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
| PHP User Authentication with MySQL | Primary link | sql-injection password-clear deprecated-library | A site with a large number of scripts featuring SQL injection vulnerabilities. A number of articles, including this one, incorrectly advise programmers to store passwords in plain text. | Repo: 1 |
| Android PHP/MYSQL Tutorial | Primary link | sql-injection password-clear sql-needs-parameterisation | SQL injection issues, despite using mysqli. Also incorrectly advocates storing passwords in plain text. Have contacted the author to ask for improvements. | Repo: 1 |
| Tutorial Menu AJAX Add Edit Delete Records in Database using PHP and jQuery | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
| Simple Login with CodeIgniter in PHP | Primary link | password-inadequate-hashing | A CodeIgniter tutorial that uses MD5 to hash passwords, with no salt. | Repo: 1 |
| Android Spinner MySQL Database Using PHP , JSON Download Source code , Android Spinner Example Tutorial Retrieving Database from sql | Primary link | sql-injection deprecated-library | Uses the legacy database library, and new_category.php contains SQL injection flaws. There appears to be no authentication in front of write operations, so it looks like any user on the web can perform them. | Repo: 1 |
| How to Display MySQL Table Data Tutorial | Primary link | sql-injection deprecated-library | A number of security flaws, and so many syntax issues it wouldn't work at all. The author has promised to fix it. | Repo: 1 |
| Tutorial Menu Using jqGrid Control with PHP | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
| Simple registration form in PHP and MYSQL | Primary link | sql-injection password-clear deprecated-library | Have contacted the author about SQL injection; received no response. Also features plain-text passwords. | Repo: 1 |
| Simple PHP Shopping Cart | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
| PHP CRUD with Search and Pagination | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
| jQuery AJAX Autocomplete – Country Example | Primary link | sql-injection deprecated-library | A site with a large number of vulnerable scripts, including many that are live on the author's own server. | Repo: 1 |
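The tags used in the table (sql-injection, sql-needs-parameterisation, password-clear, password-inadequate-hashing) describe three distinct login-handler shapes. The following is an added example written for this page, not code from any of the tutorials listed above or from the Awooga project; it assumes PHP 7.2 or later with the pdo_sqlite extension so that it runs offline, and the table contents and attacker input are constructed for the demonstration. The same PDO calls apply unchanged against MySQL with a `mysql:` DSN.

```php
<?php
// Added example (not from any tutorial listed above). Assumes PHP >= 7.2 with
// pdo_sqlite so it runs offline; for MySQL use a DSN such as
// "mysql:host=127.0.0.1;dbname=app;charset=utf8mb4" and the code is unchanged.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Constructed sample data. users_plain mirrors the password-clear tutorials
// (password stored as typed); users stores a salted password_hash() value.
$db->exec('CREATE TABLE users_plain (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->exec("INSERT INTO users_plain (username, password) VALUES ('alice', 'hunter2')");
$seed = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$seed->execute([':u' => 'alice', ':h' => password_hash('hunter2', PASSWORD_DEFAULT)]);

// 1. sql-injection + password-clear: the shape the flagged tutorials use.
//    Request values are concatenated into the SQL text and the password is
//    compared as stored, so the attacker controls the WHERE clause.
function loginInjectable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT id FROM users_plain WHERE username = '$username' AND password = '$password'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) !== false;
}

// 2. sql-needs-parameterisation: escaping with quote() closes this particular
//    hole, but the query is still assembled from strings. It fails silently if
//    a later edit drops the surrounding quotes, compares a numeric column, or
//    the connection charset and the escaper disagree. Shown for contrast only.
function loginEscaped(PDO $db, string $username, string $password): bool
{
    $sql = 'SELECT id FROM users_plain WHERE username = ' . $db->quote($username)
         . ' AND password = ' . $db->quote($password);
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC) !== false;
}

// 3. The fix: a prepared statement keeps user data out of the query text, and
//    the password is checked against a salted hash, so neither MD5 nor plain
//    text ever touches the table.
function loginPrepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

// Constructed attacker input. The payload goes in the password field because
// AND binds tighter than OR; in pattern 1 the resulting SQL is
//   ... WHERE username = 'nobody' AND password = '' OR '1'='1'
// which is true for every row.
$payload = "' OR '1'='1";

var_dump(loginInjectable($db, 'nobody', $payload));
var_dump(loginEscaped($db, 'nobody', $payload));
var_dump(loginPrepared($db, 'nobody', $payload));
var_dump(loginPrepared($db, 'alice', 'hunter2'));
```

Run with `php example.php`: pattern 1 accepts the payload with no valid credentials at all, while patterns 2 and 3 treat it as a literal string that matches no user, and only the real username and password succeed against the prepared version. Against MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that placeholders are bound server-side rather than interpolated by the client library.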