7
Hi how are you. I think kind sir due to the registration process you have found an injestable $_GET for mailing user 1 with the mail function. That as far as I can tell is the last one, I got one today from:
Quote:
robot@xortify.com
duz4nliza has just registered!
please notice the mail function is only triggerable there is no user creation thank goodness.
Needs to be salted with the MD5 for user sessions to prevent this and all other hacks as in the 2.6 Hypothesis document in the XOOPS Document area. Thoses ifs and butts for the need for a SECURE Define against build me ups
Look at the registration process for example on www.xortify.com it is profile 1.61 with validation and it is still happening so the problem is with the assignment of you 'key' with blowfish combination of a
DefiNE and a passkey from the database for a MD5 session to prevent this error.
Perhaps in further forensics it is one of your registered users. An example of blowfish combination with the sessions in xhelp 1.61 and the RSS Feeds and auto user leveling key with tickets.
www.ohloh.net/accounts/226400
Follow, Like & Read:-
twitter.com/RegaltyFamily
github.com/Chronolabs-Cooperative
facebook.com/DrAntonyRoberts