The SQL Injection is possible if the arguments are not validated.

The SQL Injection is possible because the arguments are not validated before the MySQL query.

This Cross-Site Scripting example shows how a CGI program in C takes the arguments and print it out.

A strcpy is used to copy a string into a heap buffer. The caller shortens the string to prevent a buffer overflow from occuring.

A strncpy safely copies a string into a heap buffer.

System() is called with user-provided data but the data is strictly scrutinized first.

Cross-Site Scripting in C. This is a CGI program which take some parameters values then print it.

This test case show how to solve the [b]PHP Include[/b] problem.[br] The solution consists on the limitation of the possible target files.

Tainted output allows cross-site scripting attack. (fixed version 2)

Tainted output allows cross-site scripting attack.

Execl() is called with user-provided data but only if it matches an item in a safe list.

Tainted data spliced into a SQL query leads to a SQL injection issue. (fixed version)

Sprintf is used to copy a string to a stack buffer. A guard in the caller prevents an overflow from occuring

Sprintf is used to copy a string to a stack buffer. A guard is used to prevent a buffer overflow condition.

Sprintf is used to copy a string to a stack buffer. The length is guarded with a length specifier in the format string preventing a buffer overflow from occuring.

Snprintf is called with an improper bound. A guard in the caller prevents an overflow condition from occuring.

snprintf is used repeatedly while keeping track of the residual buffer length.

snprintf with correct bounds safely copies a string into a heap buffer.

Snprintf is called with a bad bound but is protected with a length specifier in the format string.

Snprintf is called with an improper bound. A guard in the caller prevents an overflow condition from occuring.

A snprintf with an improper bound is protected with a guard that prevents an overflow condition from occuring.

snprintf is used repeatedly while keeping track of the residual buffer length.

Snprintf with a bad bounds is used to copy a string. The buffer is protected from overflowing by a length qualifier in the format.

Snprintf is used to copy several static strings. Although an incorrect bound is given to snprintf, neither string is large enough to cause a buffer overflow.

snprintf with correct bounds safely copies a string into a stack buffer.