Quote:
Originally Posted by X
Even if you got the passwords, they are encrypted. Props to @ Pseudo Nim for LB security
|
I mean that’s just basic knowledge anyone with a degree should know, not to store passwords in plain text in the db. When you enter your password it goes through a one way hash function, probably md5 since this site is old unless it has been updated , which is what it is stored in the db as.
Also, if it is md5 most large companies with stuff worth protecting don’t use it anymore since it’s vulnerable now due to the speed of modern computers, fine for LB tho..
And the usual path of the SQL injection is to bypass the login process, not actually get the password.