Here is a question that maybe you guys can help me with. Suppose a user frequents 2 different websites. Lets assume that user uses the same password for both sites. lets also assume that both sites use an md5 hash to encrypt passwords. one site is not vulnerable to sql injection the other site is vulnerable to sql injection. If you obtain the users md5 password hash on the vulnerable website, and you "crack" the hash, would the "crack" work on the other site that you were unable to sql inject?