|
|
|
|
|
|
by thornofmight
4271 days ago
|
|
|
I know for a fact that there was a source disclosure MySQL injection bug on many of the pages in SR. There was also other MySQL Injection bugs. You could even look through the SR forum archive and find people talking about how the search field at one point was exploitable by the standard "' or 'a'='a" and was disclosing customer's names and addresses. |
|
|