Displaying test cases 5276 - 5300 of 113211 in total
-
Command line args Xpath replace char sink : SQL query
-
input : shell commands Xpath replace char sink : SQL query
-
Command line args filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : shell commands filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : direct user input in string filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : direct user input in string filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : direct user input in string filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : direct user input in string filtering : check if there is only numbers sink : SQL query
-
input : shell commands filtering : check if there is only numbers sink : SQL query
-
input : shell commands filtering : check if there is only numbers sink : SQL query
-
input : shell commands filtering : check if there is only numbers sink : SQL query
-
Command line args no filtering sink : SQL query
-
Hardcoded string input no filtering sink : SQL query
-
input : direct user input in string no filtering sink : SQL query
-
input : shell commands no filtering sink : SQL query
-
Hardcoded string input filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter construction : concatenation with simple quote
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter construction : concatenation with simple quote
-
input : direct user input in string filtering : remove semi-colon and all invalid filenames and chars in paths construction : concatenation with simple quote
-
input : direct user input in string filtering : check if there is only numbers construction : concatenation with simple quote
-
input : direct user input in string filtering : check if there is only numbers construction : concatenation with simple quote
-
input : direct user input in string filtering : check if there is only numbers construction : concatenation with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object SANITIZE : uses of ESAPI, an OWASP API construction : right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : use in_array to check if $tainted is in the white list construction : prepared query and right verification
-
CWE: 89 SQL Injection BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could ...