b2mail security and bug

  • As you can see, the b2email.php public expose your login and email. And there is a bug too:
    Subject: blog:testing post via email
    Content-type: text/plain, boundary:
    Raw content:
    admin:******
    Just testing!
    ___
    Login: admin, Pass: ****
    Fatal error: Call to undefined function: rss_update() in /wp/b2mail.php on line 221

Viewing 6 replies - 1 through 6 (of 6 total)

  • no response…?

    Thread Starter Anonymous

    i noticed the same thing…

    Thread Starter Anonymous

    hmm just tested it again…password definitly exposed, so i’ve disabled it for now, but on top of that, the first email will get posted, but then i get an rss error, so the email doesn’t get deleted, doesn’t process the next email, and every time b2mail is re-run the same email gets posted…again! It’s probably one of my settings…

    Thread Starter Anonymous

    delete the rss_update line ??
    and make sure you do get your emails out of the system by simply create a pop account to get the mails in you óutlook ‘ or mail prog.
    Password is shown allright so thats why you should get the mail out of there ??

    Thread Starter Anonymous

    echo “<b>Login:</b> $user_login, <b>Pass:</b> $user_pass”; that line is round line number 187 in your mail script just comment it out // ??

    Thread Starter Anonymous

    same post keeps on accuring since there are lines of code that cause the script to not finish.. bailing before the delete occurs.
    Make sure all functions that aren’t in the release are removed, they cause fatal exceptions
    dbconnect()
    rss_update()
    ?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘b2mail security and bug’ is closed to new replies.