Flashbacks to one of my early freelance PHP gigs I did about 2 decades ago where I opened up the existing backend source code to find a load of unsanitised user input directly from the query string getting interpolated into the various SQL queries the application made. Part of me also feels like the “bobby tables” xkcd already existed by this point, so I’ve got no idea how that website managed to not get nuked before I refactored it.
To top it all off, of course the application authenticated with the database using the root user…
Thankfully I think that was the worst I ever discovered in the wild
Flashbacks to one of my early freelance PHP gigs I did about 2 decades ago where I opened up the existing backend source code to find a load of unsanitised user input directly from the query string getting interpolated into the various SQL queries the application made. Part of me also feels like the “bobby tables” xkcd already existed by this point, so I’ve got no idea how that website managed to not get nuked before I refactored it.
To top it all off, of course the application authenticated with the database using the root user…
Thankfully I think that was the worst I ever discovered in the wild