Check path hijacking:
sudo -l User www-data can run /usr/bin/crackerfg as root without password. crackerfg
$db_user = "webapp"; $db_pass = "crackme_123"; Try admin:crackme_123 on the login page → success. Check path hijacking: sudo -l User www-data can