# Insecure Functions

This is an incomplete collection of potentially insecure functions found in well-known programming languages. Consult it to avoid common insecure programming pitfalls.

## PHP

### MySQL

The following functions are insecure when the query is built from unlimited or unsanitized input:

- `mysqli_query()`
- `mysql_query()`
- `mysqli_prepare()`
- `query()`
- `prepare()`
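The list above names the functions, but the risk lies in how the SQL string is assembled before it reaches them. The following added example (written for this page, not part of the compendium) shows the unsafe concatenation pattern next to the parameterised form. It assumes a `users` table with `id`, `username` and `email` columns, an open `mysqli` connection passed in as `$mysqli`, and the `mysqlnd` driver (needed for `mysqli_stmt_get_result()`).

```php
<?php
// Added example, not from the compendium. Assumes a `users` table and an open
// mysqli connection; the table and column names are illustrative.

// VULNERABLE: user input is concatenated straight into the SQL text.
// mysqli_query() executes whatever the string contains, so a value with a
// quote character changes the meaning of the query (SQL injection).
function find_user_vulnerable(mysqli $mysqli, string $username): ?array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '" . $username . "'";
    $result = mysqli_query($mysqli, $sql);          // flagged function, unsafe here
    if ($result === false) {
        return null;
    }
    return mysqli_fetch_assoc($result) ?: null;
}

// SAFE: the SQL text is fixed at prepare time and contains only a `?`
// placeholder. The user value travels separately as a bound parameter and is
// never parsed as SQL, whatever characters it contains.
function find_user_safe(mysqli $mysqli, string $username): ?array
{
    $stmt = mysqli_prepare($mysqli, "SELECT id, username, email FROM users WHERE username = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($mysqli));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);   // 's' = bind as string
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Caveat: mysqli_prepare() only helps when the placeholder is used. Preparing
// "... WHERE username = '$username'" (input already interpolated into the
// string) gives no protection and is why prepare() appears in the list above.

// Usage (connection parameters are placeholders):
// $mysqli = mysqli_connect('db.example', 'app_user', 'app_password', 'appdb');
// $row = find_user_safe($mysqli, $_GET['user'] ?? '');
```

The same distinction applies to the object-style `query()` and `prepare()` methods: a prepared statement is safe only when every user-controlled value is bound through a placeholder rather than spliced into the statement text.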

### Local File Inclusion

Used in conjunction with user input (e.g. from POST or GET parameters), these functions are insecure:

- `require()`
- `include()`
- `require_once()`
- `include_once()`
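As an added example (written for this page, not part of the compendium), the snippet below contrasts an include path built directly from a request parameter with two defensive forms: an allowlist lookup, and a `realpath()` containment check for cases where a fixed allowlist is impractical. It assumes templates live in a `pages/` directory next to the script and that the request parameter is named `page`; both are illustrative choices.

```php
<?php
// Added example, not from the compendium. Assumes templates in __DIR__ . '/pages/'
// and a request parameter named `page`; both names are illustrative.

// VULNERABLE: the include path is built from the raw request parameter.
// Path-traversal sequences (../) let the caller select files outside the
// templates directory, and with allow_url_include enabled a URL could be
// loaded instead of a local file.
function render_vulnerable(string $page): void
{
    include __DIR__ . '/pages/' . $page . '.php';     // flagged function, unsafe here
}

// SAFE: the user value is only ever used as a key into a fixed allowlist,
// never as part of a filesystem path.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function render_safe(string $page): void
{
    if (!array_key_exists($page, ALLOWED_PAGES)) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    require __DIR__ . '/pages/' . ALLOWED_PAGES[$page];
}

// Defence in depth when an allowlist is impractical: strip directory parts,
// resolve the candidate path, and verify it still lies inside the base
// directory before including it.
function render_checked(string $page): void
{
    $base   = realpath(__DIR__ . '/pages');
    $target = realpath($base . DIRECTORY_SEPARATOR . basename($page) . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($base === false || $target === false
        || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $target;
}

render_safe($_GET['page'] ?? 'home');
```

The allowlist form is preferable: it removes the user value from the path entirely, whereas the `realpath()` check still depends on the target file existing and on the comparison being done against the resolved base directory.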