That's hard - both to do and to exploit once you've done it.
Much easier to rely on the fact that either the application stack is vulnerable or, even more likely, a human being fucked things up.
Much easier to rely on the fact that either the application stack is vulnerable or, even more likely, a human being fucked things up.