XSS: https://web.archive.org/web/20060722051641/http://www.w3scho... / https://web.archive.org/web/20060722073110/http://www.w3scho... / https://web.archive.org/web/20060722072840/http://www.w3scho...
Unauthenticated sessions: https://web.archive.org/web/20060716141638/http://www.w3scho...
MySQL injection: https://web.archive.org/web/20110412041949/http://www.w3scho...
Nothing directly wrong with this one but prepared queries were not well understood at the time: https://web.archive.org/web/20060718041049/http://www.w3scho...
They were very easy to learn from and thus widely popular, but missed critical security context.
XSS: https://web.archive.org/web/20060722051641/http://www.w3scho... / https://web.archive.org/web/20060722073110/http://www.w3scho... / https://web.archive.org/web/20060722072840/http://www.w3scho...
Unauthenticated sessions: https://web.archive.org/web/20060716141638/http://www.w3scho...
MySQL injection: https://web.archive.org/web/20110412041949/http://www.w3scho...
Nothing directly wrong with this one but prepared queries were not well understood at the time: https://web.archive.org/web/20060718041049/http://www.w3scho...
They were very easy to learn from and thus widely popular, but missed critical security context.