In a codebase I once worked on, I found a /csv route that dropped the entire customer database in CSV format and a /route_csv route that enumerated all the routes the application had, including admin and cron routes :| (denial of service by spamming the cron routes that did no access checking was the least of it).
When I checked the commit date it was 19 months ago... and in production for 17 months :|
The midden and the windmill fully hit each other that day.
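The lesson in the anecdote is that an access check forgotten on one route stays invisible until someone enumerates the URL map. As an added example (not the commenter's code), here is the kind of CI check that would have caught it: a stand-in route registry with hypothetical handlers named after the routes in the post, and an audit that calls every registered handler as an anonymous caller and reports any route that answers 200 without being on an explicit public allowlist.

```python
from functools import wraps

ROUTES = {}  # path -> handler; stand-in for a web framework's URL map

def route(path):
    """Register a handler under `path` (stand-in for @app.route)."""
    def register(fn):
        ROUTES[path] = fn
        return fn
    return register

def require_role(role):
    """Hypothetical access check: 403 unless the caller holds `role`."""
    def deco(fn):
        @wraps(fn)
        def guarded(user):
            if user is None or role not in user.get("roles", ()):
                return 403, b""
            return fn(user)
        return guarded
    return deco

@route("/")
def index(user):
    return 200, b"welcome"

@route("/csv")  # constructed stand-in for the forgotten access check
def export_customers(user):
    return 200, b"id,name,email\n1,alice,alice@example.invalid\n"

@route("/route_csv")  # dumps the URL map; also unguarded
def list_routes(user):
    return 200, "\n".join(sorted(ROUTES)).encode()

@route("/admin/cron/nightly")
@require_role("admin")
def nightly(user):
    return 200, b"ran"

PUBLIC = {"/"}  # explicit allowlist of routes allowed to answer anonymously

def unprotected_routes(routes=ROUTES, public=PUBLIC):
    """Paths that give an anonymous caller 200 and are not allowlisted."""
    return sorted(p for p, h in routes.items()
                  if p not in public and h(None)[0] == 200)

if __name__ == "__main__":
    # Fail the build if anything unexpected is reachable without a login.
    leaks = unprotected_routes()
    raise SystemExit(f"unguarded routes: {leaks}" if leaks else 0)
```

Because the audit exercises the handlers rather than looking for a decorator, it also catches the case where the check is present but wired incorrectly.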