b2mail security and bug (7 posts)

  1. Anonymous
    Posted 12 years ago #

    As you can see, the b2email.php public expose your login and email. And there is a bug too:
    Subject: blog:testing post via email
    Content-type: text/plain, boundary:
    Raw content:
    Just testing!
    Login: admin, Pass: ****
    Fatal error: Call to undefined function: rss_update() in /wp/b2mail.php on line 221

  2. fallen
    Posted 12 years ago #

    no response...?

  3. Anonymous
    Posted 12 years ago #

    i noticed the same thing...

  4. Anonymous
    Posted 12 years ago #

    hmm just tested it again...password definitly exposed, so i've disabled it for now, but on top of that, the first email will get posted, but then i get an rss error, so the email doesn't get deleted, doesn't process the next email, and every time b2mail is re-run the same email gets posted...again! It's probably one of my settings...

  5. Anonymous
    Posted 12 years ago #

    delete the rss_update line ;)
    and make sure you do get your emails out of the system by simply create a pop account to get the mails in you óutlook ' or mail prog.
    Password is shown allright so thats why you should get the mail out of there ;)

  6. Anonymous
    Posted 12 years ago #

    echo "<b>Login:</b> $user_login, <b>Pass:</b> $user_pass"; that line is round line number 187 in your mail script just comment it out // ;)

  7. Anonymous
    Posted 11 years ago #

    same post keeps on accuring since there are lines of code that cause the script to not finish.. bailing before the delete occurs.
    Make sure all functions that aren't in the release are removed, they cause fatal exceptions

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.