Hacker News new | past | comments | ask | show | jobs | submit login

Good find, though I don't think most of it is necessary.

It seems like any username that includes a semicolon at any point will authenticate. I can't imagine what their code would have to look like in order for that to happen.




Especially considering they're actually paying monthly for it.

http://news.ycombinator.com/item?id=2330694




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: