Support » Fixing WordPress » b2mail security and bug

  • As you can see, the b2email.php public expose your login and email. And there is a bug too:
    Subject: blog:testing post via email
    Content-type: text/plain, boundary:
    Raw content:
    Just testing!
    Login: admin, Pass: ****
    Fatal error: Call to undefined function: rss_update() in /wp/b2mail.php on line 221

Viewing 6 replies - 1 through 6 (of 6 total)
  • no response…?

    i noticed the same thing…

    hmm just tested it again…password definitly exposed, so i’ve disabled it for now, but on top of that, the first email will get posted, but then i get an rss error, so the email doesn’t get deleted, doesn’t process the next email, and every time b2mail is re-run the same email gets posted…again! It’s probably one of my settings…

    delete the rss_update line ๐Ÿ˜‰
    and make sure you do get your emails out of the system by simply create a pop account to get the mails in you รณutlook ‘ or mail prog.
    Password is shown allright so thats why you should get the mail out of there ๐Ÿ˜‰

    echo “<b>Login:</b> $user_login, <b>Pass:</b> $user_pass”; that line is round line number 187 in your mail script just comment it out // ๐Ÿ˜‰

    same post keeps on accuring since there are lines of code that cause the script to not finish.. bailing before the delete occurs.
    Make sure all functions that aren’t in the release are removed, they cause fatal exceptions

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘b2mail security and bug’ is closed to new replies.