From: Steve Brocking <steveb@mi...> - 2005-09-16 12:35:28
I have found 2 places where a user can use carefully crafted SQL
statements (well there not that well crafted i wrote them) to obtain
password hashes out of the database.
these can then be brute forced.
I am sure that someone with more knowledge of SQL can do more stuff.
Where would report these issues?
Mantis versions tested: - 1.0.0rc2, 1.0.0rc1
does anyone care?