-simple-vulnerable's Issues
[Asset plexicus/-simple-vulnerable] Do not leave debug code in production
Description:
Do not leave debug code in production
File information:
- File path: index.php
- Original line: 3
Affected code:
<?php
// Database connection (replace with your own connection parameters)
$servername = "localhost";
$username = "tu_usuario";
$password = "tu_contraseña";
$dbname = "tu_base_de_datos";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
Corrected code in diff format:
--- index.php
+++ index.php
@@ -1,9 +1,5 @@
<?php
// Conexión a la base de datos (modifica con tus propios parámetros de conexión)
-$servername = "localhost";
-$username = "tu_usuario";
-$password = "tu_contraseña";
-$dbname = "tu_base_de_datos";
// Crear conexión
-$conn = new mysqli($servername, $username, $password, $dbname);
+$conn = new mysqli("localhost", "tu_usuario", "tu_contraseña", "tu_base_de_datos");
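Review bot: the replacement on the last `+` line only inlines the four variables into the `new mysqli(...)` call, so the placeholder credentials (`"tu_usuario"`, `"tu_contraseña"`) remain hard-coded in index.php and nothing debug-related is actually removed. Read the connection parameters from the environment or from a config file outside the web root instead, e.g. `$conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));`. Separately, the hunk header `@@ -1,9 +1,5 @@` announces 9 old and 5 new lines while the body has 7 and 4, and the unchanged lines (`<?php` and the two comments) are missing their leading space, so the patch will not apply with `patch` or `git apply` as written.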
[Asset plexicus/-simple-vulnerable] User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings are a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, label) VALUES (?, ?)");`) or a safe library.
Description:
User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings are a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, label) VALUES (?, ?)");`) or a safe library.
File information:
- File path: index.php
- Original line: 20
Corrected code in diff format:
+++ index.php
@@ -20,7 +20,8 @@
die("Conexión fallida: " . $conn->connect_error);
}
-if(isset($_GET['id'])) {
- $id = $_GET['id'];
- $sql = "SELECT * FROM usuarios WHERE id = $id";
+if(isset($_GET['id'])) {
+ $id = intval($_GET['id']);
+ $stmt = $conn->prepare("SELECT * FROM usuarios WHERE id = ?");
+ $stmt->bind_param("i", $id);
$result = $conn->query($sql);
if ($result->num_rows > 0) {
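Review bot: the prepared statement is never executed. After `+ $stmt->bind_param("i", $id);` the unchanged context line still runs `$result = $conn->query($sql);`, but `$sql` is removed by this hunk, so `query()` receives an undefined variable, `$result` is `false`, and `$result->num_rows` on the following line fails. Replace that line with `$stmt->execute();` followed by `$result = $stmt->get_result();` (requires the mysqlnd driver), and check that `prepare()` did not return `false` before binding. Note also that `intval()` silently coerces any non-numeric `id` to 0 instead of rejecting it; `filter_var($_GET['id'], FILTER_VALIDATE_INT)` with an error response on `false` is the stricter check.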
@@ -28,7 +29,7 @@
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - Nombre: " . $row["nombre"]. "<br>";
}
- }
+ }
}
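Review bot: this hunk changes only the indentation of a closing brace (`- }` / `+ }`), a whitespace-only edit unrelated to the SQL injection fix; drop it from the patch so the review diff shows just the functional change.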