[Toddie]

Here is a question that maybe you guys can help me with.

Suppose a user frequents 2 different websites.
Lets assume that user uses the same password for both sites.
lets also assume that both sites use an md5 hash to encrypt passwords.

one site is not vulnerable to sql injection
the other site is vulnerable to sql injection.

If you obtain the users md5 password hash on the vulnerable website, and you "crack" the hash, would the "crack" work on the other site that you were unable to sql inject?

[shabbir]

Moved your query into separate forum and coming to your question.

It should work.

[indiansword]

yes it shdu work as plan text passwords are same AS LONG AS both encryptions are md5.

[Deadly Ghos7]

yeah because for the same string, its md5 hash will always be the same so it will work definitely.

[SpOonWiZaRd]

Just make sure its the same case...