13

How to log in to CMS Of Doom™...
What could go wrong?
MD5 password hashing? HTTP links? Extracting the whole $_POST array?

Comments
  • 4
    Ok, you win!

    md5(password) is the password reset token? 🥲
  • 1
    Mmmmmmmm yummy. Extract that shit and fix that security hole!
  • 6
    I sometimes wonder, how are you people not yet hacked?

    I have a static HTML website on CloudFront and I get a shitton of PHP attacks like execute function, print, etc.
  • 1
    At the very least SQL injections are taken care of and the *entire* "login" use case fits into one screenshot! I have seen worse. This is all fixable. I bet you one ++ this thing has some ancient handwritten autoloader along with Composer autoloading in newer parts of the system ❤️
  • 2
    You just gotta throw a spare ring-of-power into the cms of doom, should solve your problems right quick.

    Don't forget the eagles though. Gotta have eagle when the whole thing blows up.
  • 2
    Don't you love legacy PHP code. I love it.

    I'm over here writing in PHP 8.2 doing all the neat things. Ticket drops on Jira. Hey uh, we have this code from 10 years ago. Make it SSO. K thnx bye.

    Fuck there goes my week...
  • 2
    @rootshell sadly that's how it is...
  • 1
    Ughhhhhhhhhhhhhh. That's some kill me now code.

    Hope you got xdebug and some energy drinks. That's gonna need a fixin.