UN Website Hacked using simple SQL Injection
This is what happens when you skimp on resources for projects, take shortcuts, and frankly, hire amateurs.
So many times I've shown up on projects and client sites, take a quick look at the code, then see how vulnerable a site is with injection attacks. In NYC there's a system in place run by the Government that has this vulnerability to this day. I informed the owners of the system of the presence, but they shrugged it off. At that point it was all CYA on notification about the issue as I was there for something else.
'Hackers' deface UN site