WordPress.org

Ready to get started?Download WordPress

Forums

b2mail security and bug (7 posts)

  1. Anonymous
    Unregistered
    Posted 11 years ago #

    As you can see, the b2email.php public expose your login and email. And there is a bug too:
    Subject: blog:testing post via email
    Content-type: text/plain, boundary:
    Raw content:
    admin:******
    Just testing!
    ___
    Login: admin, Pass: ****
    Fatal error: Call to undefined function: rss_update() in /wp/b2mail.php on line 221

  2. fallen
    Member
    Posted 11 years ago #

    no response...?

  3. Anonymous
    Unregistered
    Posted 11 years ago #

    i noticed the same thing...

  4. Anonymous
    Unregistered
    Posted 11 years ago #

    hmm just tested it again...password definitly exposed, so i've disabled it for now, but on top of that, the first email will get posted, but then i get an rss error, so the email doesn't get deleted, doesn't process the next email, and every time b2mail is re-run the same email gets posted...again! It's probably one of my settings...

  5. Anonymous
    Unregistered
    Posted 11 years ago #

    delete the rss_update line ;)
    and make sure you do get your emails out of the system by simply create a pop account to get the mails in you óutlook ' or mail prog.
    Password is shown allright so thats why you should get the mail out of there ;)

  6. Anonymous
    Unregistered
    Posted 11 years ago #

    echo "<b>Login:</b> $user_login, <b>Pass:</b> $user_pass"; that line is round line number 187 in your mail script just comment it out // ;)

  7. Anonymous
    Unregistered
    Posted 11 years ago #

    same post keeps on accuring since there are lines of code that cause the script to not finish.. bailing before the delete occurs.
    Make sure all functions that aren't in the release are removed, they cause fatal exceptions
    dbconnect()
    rss_update()
    ß

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.