It seems like any username that includes a semicolon at any point will authenticate. I can't imagine what their code would have to look like in order for that to happen.
http://news.ycombinator.com/item?id=2330694