At my last job, we used a crappy help desk ticketing application called Magic—that was anything but. I’ve complained about it here before, but today’s Daily WTF indicates that I was only talking about its superficial suckiness. SQL in the query string!?!? How would that even occur to a developer?
The SQL injection possibilities are endless.