25

Sooo I've been working on an ancient PHP 5.6 project that did not have any documentation and was a homemade "framework" created 7 years ago. The original creator is long gone and no one else knows a lot about this project.

When I first looked into it I almost immediately noticed the security flaws...

Old outdated libraries
a "development" feature to easily turn dev mode on/off
BY A GET PARAMETER!

It spits out full SQL queries and PHP warnings -.-

Oh and did I mention that the site is a webshop.... and has a backdoor password?
AND THAT THE CUSTOMER REQUESTED THAT?

Comments
  • 1
    Damn I've got three people including you to join devRant. You're the first one to surpass the one rant mark I think O.o
  • 2
    *silently subscribes to your rants in order to track what you're up to on here* 😜
  • 0
    Oh god... I always thought tales about security issues like these were either invented or more than 10 years old...