Wtf i discoverd a method inside a legacy controller that took a sql command as a parameter, that i could access via a simple http request since it was made in the controller.

  • 1
    A backdoor you think?
  • 1
    What does your information protection and privacy policy say?

    1. Pass this info to your team mates and make a joke about it
    2. Exploit it and see how far you could get
    3. Create a bug and help fix it before the word gets out
    4. Post this on devRant and see what your community thinks
  • 2
    @analsrunhpastor Nahhh, its written by a former company known for write so horrible code, you cant imagine the scale.
  • 3
    @asgs We already facepalmed a lot, i did end up commenting the part out, since i just discovered it like few minutes before i had to leave.
Add Comment