From: Steve B. <st...@mi...> - 2005-09-16 12:35:28
|
Hi, I have found 2 places where a user can use carefully crafted SQL statements (well there not that well crafted i wrote them) to obtain password hashes out of the database. these can then be brute forced. I am sure that someone with more knowledge of SQL can do more stuff. Where would report these issues? Mantis versions tested: - 1.0.0rc2, 1.0.0rc1 does anyone care? Cheers Steve |