Search - "wk25 security"
-
Picked up a legacy site to re-build, turns out just adding:
'?admin=1'
to the query string gave you full admin rights to the entire site without having to authenticate. The site was live for 2 years.3 -
One of our customers thought it would be too insecure to send us his AWS credentials by email, so he printed them out and sent them to us by registered mail. The password we received was "hallo123".6
-
When you see a web service API accepting a SQL query in one of its JSON fields and the evil starts growing within you...
DROP ALL DATABASES
Just because you can!4 -
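What the rant describes, side by side with the hardened form, as an added Python example that is not code from the rant or the service it mentions. The `orders` table, the user names and the handler names are constructed for the example; the real API is not described beyond "a SQL query in a JSON field". The hardened handler never accepts SQL text: it takes structured filter fields, binds values as parameters, allowlists the one identifier (sort column) that cannot be bound, and takes the owner from the authenticated session rather than from the client.

```python
import json
import sqlite3

# Constructed sample data, not from the rant.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, owner TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "alice", 10.0), (2, "bob", 99.5), (3, "alice", 5.25)])
    conn.commit()
    return conn


def vulnerable_handler(conn, body):
    """The anti-pattern: run whatever SQL the JSON body carries.
    Anyone who can reach the API gets the DB account's full power,
    starting with every other user's rows."""
    req = json.loads(body)
    return conn.execute(req["query"]).fetchall()


ALLOWED_SORT = {"id", "total"}   # identifiers cannot be bound, so allowlist them


def hardened_handler(conn, body, authenticated_user):
    """Accept only structured fields; the SQL text is fixed.
    Values are bound as parameters, the sort column is checked against an
    allowlist, and the owner comes from the session, not the request body."""
    req = json.loads(body)
    min_total = float(req.get("min_total", 0))      # ValueError on non-numeric junk
    sort = req.get("sort", "id")
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort!r}")
    sql = ("SELECT id, owner, total FROM orders "
           f"WHERE owner = ? AND total >= ? ORDER BY {sort}")
    return conn.execute(sql, (authenticated_user, min_total)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_handler(db, '{"query": "SELECT * FROM orders"}'))
    print(hardened_handler(db, '{"min_total": 6}', "alice"))
```

The `float()` and allowlist checks raise rather than silently falling back, so a request like `{"min_total": "1 OR 1=1"}` is rejected at the boundary and shows up in the error log instead of reaching the database.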
I hacked a browser game a few years ago for fun and the exploit I found and used was basically this:
<?php
$f = $_GET['f'];
$p = $_GET['p'];
$f($p);
So it was possible to pass a function and its parameter in the URL to the server. The author used this to include() sub pages. I used it to highlight_file() them.2 -
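The fix for the pattern above is to stop treating a request string as a function name at all. Added example, written in Python as a stand-in for the game's PHP (not the author's code): the action name is looked up in a fixed dict of handlers, the page name is checked against an allowlist, and, as defence in depth, the resolved file path must stay inside the pages directory. `PAGES_DIR`, the page names and `handle_request` are assumptions for the example.

```python
from pathlib import Path
from urllib.parse import parse_qs

PAGES_DIR = Path("/srv/game/pages")        # assumed location, not the game's real path
PAGE_NAMES = {"home", "shop", "ranking"}   # the only sub pages we intend to include


def safe_page_path(name):
    """Map a page name to a file under PAGES_DIR and refuse anything that
    resolves outside it (catches '../config' even if the allowlist is bypassed)."""
    candidate = (PAGES_DIR / f"{name}.php").resolve()
    if candidate.parent != PAGES_DIR.resolve():
        raise ValueError(f"page path escapes pages dir: {name!r}")
    return candidate


def render_page(name):
    # Stand-in for include(): we only return the path we would include.
    return f"<!-- include {safe_page_path(name)} -->"


# The only functions reachable from a request. Adding one here is a code
# review decision; a request can no longer name highlight_file(), system(), ...
ACTIONS = {"page": render_page}


def handle_request(query_string):
    """Equivalent of reading $_GET['f'] and $_GET['p'], but the function is
    looked up in ACTIONS instead of being called by its string value."""
    params = parse_qs(query_string)
    action = params.get("f", [""])[0]
    param = params.get("p", [""])[0]
    handler = ACTIONS.get(action)
    if handler is None:
        raise PermissionError(f"action not exposed: {action!r}")
    if param not in PAGE_NAMES:
        raise ValueError(f"unknown page: {param!r}")
    return handler(param)


if __name__ == "__main__":
    print(handle_request("f=page&p=shop"))
```

Both rejections raise distinct exceptions on purpose: a `PermissionError` for an unknown action is worth alerting on, since legitimate links never produce one.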
There is a red button in a briefcase that launches nukes if you have the access code.
We then gave it to an emotionally unstable hothead.
Left a post-it with the admin password inside the briefcase.3 -
A team at school spent 3-4 months on an eStore web app for selling items. The title was "Securing your eStore".
When they were done with their presentation, the examiner asked: "But... you haven't said a thing about the security part."
"Oh, sure we did, as we showed you, we added validation on the email address and credit card text fields etc. If you press the Pay button here, you will get an alert()-dialog telling you which fields are invalid..."2 -
I've seen a JavaScript client-side app that connected directly to the DB using a hardcoded (obfuscated, lol) DB password xD
And yes, there was no DB setting making this user read-only or restricting it to a few tables. It was like GRANT * ON *. -
Public link to data of students, teachers, everyone. Address, mobile numbers, emails, parents numbers and more.
-
Whenever a site tells me the password I entered has already been used... I mean, how are you supposed to know that if you are salting and hashing the password? Oh wait, you probably just save it in plain text!! Please don't!!7
-
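Why a properly stored password cannot be recognised as "already used" by someone else: with a per-user random salt, two users choosing the same password get different stored values, and the only operation the server can perform is verifying one candidate against one user's record. Added Python example, not from the rant; the user names, the `hallo123` password from the earlier rant and the storage format are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def hash_password(password, salt=None):
    """Return a self-describing record: algo$iterations$salt$hash (all base64)."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password, stored):
    """Recompute with the record's own salt and iteration count; constant-time compare."""
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)


def looks_like_shared_password(stored_a, stored_b):
    """The only cross-user comparison a server can do on stored records.
    With per-user salts it is always False, even for identical passwords,
    which is exactly why the rant's site must be keeping something else."""
    return stored_a == stored_b


if __name__ == "__main__":
    # Constructed user table: two users who picked the same password.
    users = {"alice": hash_password("hallo123"), "bob": hash_password("hallo123")}
    print(verify_password("hallo123", users["alice"]))                    # True
    print(looks_like_shared_password(users["alice"], users["bob"]))       # False
```

A site that genuinely wants to refuse reused passwords checks the candidate against breach-list hashes (e.g. a k-anonymity range query) at registration time, not against other users' records.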
Single Sign-On authentication for a growing product suite? Sure, just validate the user's credentials in the dashboard and then pass their role to the product's web app via query parameter. No need for tokens or an auth server!
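The `?admin=1` site at the top of this page and the role-in-a-query-parameter SSO above fail the same way: the client names its own privilege. Added Python example (not from either rant) of the minimum that fixes both: the SSO side looks the role up in its own store and hands the product app a signed, expiring token; the product app derives the role only from a token whose signature and expiry check out, and ignores any `admin` or `role` parameter. The key, user table, token layout and function names are assumptions for the example; a production system would use a standard format such as a JWT or SAML assertion with key rotation.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs

SSO_KEY = b"constructed-demo-key-do-not-reuse"     # shared secret, assumed; rotate in practice
USER_ROLES = {"alice": "admin", "bob": "user"}     # server-side source of truth (constructed)


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username, now=None, ttl=300):
    """SSO side: the role is looked up here, never read from the request."""
    now = int(time.time() if now is None else now)
    payload = {"sub": username, "role": USER_ROLES[username], "exp": now + ttl}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """Product app side: return the payload only if signature and expiry hold."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        given = _unb64(sig)
        expected = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(given, expected):   # tampered body or sig
            return None
        payload = json.loads(_unb64(body))
    except ValueError:          # malformed token, bad base64, bad JSON
        return None
    if payload.get("exp", 0) < now:
        return None
    return payload


def effective_role(query_string, now=None):
    """What the product app trusts: the token, and nothing else in the URL."""
    params = parse_qs(query_string)
    payload = verify_token(params.get("token", [""])[0], now)
    return payload["role"] if payload else "anonymous"


if __name__ == "__main__":
    print(effective_role("admin=1&role=admin"))                        # anonymous
    print(effective_role("token=" + issue_token("bob")))               # user
```

Every `None` from `verify_token` on a request that carried a token is worth logging with the token body: a signature mismatch on a well-formed token is a tampering signal, not a user error.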