once you start "groupmsg.php" directly by typing root/groupmsg.php as browserline it will appear without login request. of course one can't send a pm, but rather take attention to this topic than give people access to my root dir and db connection...
what can i do?
MODS.DB9.DK
PHPBB MODS by Niels Chr. This site offer mods for free - limited suppport may be given - please help each other
security hole in custom mass pm?
Moderator: Moderators
Forum rules
The content in this forum is dated Dec. 21 2005 and can be used as Archive only. This Forum is LOCKED and READ ONLY !
The content in this forum is dated Dec. 21 2005 and can be used as Archive only. This Forum is LOCKED and READ ONLY !
2 posts • Page 1 of 1
security hole in custom mass pm?
by giver on Thu 30. Oct, 2003 09:37
- giver
- Poster
- Posts: 1
- Joined: Tue 28. Oct, 2003 00:46
by Niels on Tue 11. Nov, 2003 00:35
First of all, if this is really a security problem, you should contact me directly with EMAIL, simply to awoid posting a potential security risk to the wrong users.
when this is said, I have looked at this, and can not see any problems, the script will not allow users to send any PM, if they are not allowed, if I am mÃstaking, please correct me (by email)
when this is said, I have looked at this, and can not see any problems, the script will not allow users to send any PM, if they are not allowed, if I am mÃstaking, please correct me (by email)
(if a how-to is EM ready, it will mostly be bullet prof, since a machine is more picky than a human. 
)
)-
Niels - Poster
- Posts: 4390
- Joined: Sat 27. Jul, 2002 15:46
2 posts • Page 1 of 1
Return to Custom mass PM [2.0.6/EM]
Who is online
Users browsing this forum: No registered users and 1 guest