Displaying test cases 247876 - 247900 of 248586 in total
-
Hardcoded string input filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Hardcoded string input filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
Hardcoded string input filtering : check if there is only numbers sink : SQL query
-
Hardcoded string input filtering : check if there is only numbers sink : SQL query
-
input : direct user input in string filtering : check if there is only numbers sink : SQL query
-
Hardcoded string input filtering : remove semi-colon and all invalid filenames and chars in paths sink : run ls in a dir
-
Command line args filtering : check if there is only numbers construction : concatenation with simple quote
-
Hardcoded string input filtering : check if there is only numbers construction : concatenation with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object sanitize : use of the function htmlspecialchars. Sanitizes the query but has a high chance to produce unexpected results File : use of untrusted data in one side of a quoted expression in a script
-
Safe sample input : Get a serialize string in POST and unserialize it sanitize : use of intval File : unsafe, use of untrusted data in a property value in a span tag(CSS)
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted SANITIZE : use of http_build_query File : use of untrusted data in a double quoted string in a script
-
Safe sample input : get the field userData from the variable $_GET via an object, which store it in a array sanitize : use of ternary condition construction : concatenation with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object, which store it in a array SANITIZE : use of preg_replace with another regex construction : use of sprintf via a %s with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object, which store it in a array sanitize : cast via + = 0.0 construction : concatenation with simple quote
-
Safe sample input : get the $_GET['userData'] in an array sanitize : use of intval construction : use of sprintf via a %d with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object, which store it in a array sanitize : cast in float construction : use of sprintf via a %u
-
Safe sample input : get the field userData from the variable $_GET via an object sanitize : check if there is only letters construction : use of sprintf via a %s with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %s with simple quote
-
Safe sample input : get the field userData from the variable $_GET via an object sanitize : use the function escapeshellarg construction : concatenation with simple quote
-
Safe sample input : Get a serialize string in POST and unserialize it sanitize : cast into int construction : concatenation with simple quote
-
Safe sample input : execute a ls command using the function system, and put the last result in $tainted sanitize : settype (float) construction : use of sprintf via a %d
-
Safe sample input : execute a ls command using the function system, and put the last result in $tainted sanitize : cast via + = 0.0 construction : concatenation with simple quote
-
Safe sample input : get the field UserData from the variable $_POST sanitize : use of floatval construction : use of sprintf via a %u
-
Safe sample input : Uses popen to read the file /tmp/tainted.txt using cat command SANITIZE : use in_array to check if $tainted is in the white list construction : concatenation with simple quote
-
Safe sample input : reads the field UserData from the variable $_GET sanitize : cast via + = 0 construction : concatenation with simple quote