[deleted by admin]
Copy and paste that whole thing into an address bar, it will show my email. This works for all users appropriately modified, possibly with a script adding a UID# until it runs out.
and this one is a maybe
[deleted by admin]
This reveals my password, but it appears encrypted. It appearing at all is a problem potentially. A friend is helping me find more, hope these are fixed soon. thank you.
I am rebuilding efiction! Join us on irc! #efiction at
Hm I'm recieving a fatal error for both, but I will try this with my site.
I'm sure Tammy will try to fix this. (It did just as you said it would whenI tried it.) In the meantime, check that in phpinfo to see if your site has register_globals on. I'm guessing they do, and if so, turn them off. I'm pretty sure that will stop this from happening. My site has them off and I just got errors when I tried this.
Add this to viewpage.php at line 24.
$current = str_replace(" ", "", $current);
Also, if you find anything else like this, please don't post it publicly. Let's not help the hackers. Okay?
alright, thanks, yes good idea ^^ i'll try those two
Register_globals is off in the panel by default. The patch worked for those two examples.
Apparently my friend hacked my admin account and changed both email and password, this was prior to the patch. I'll PM Carissa the details for before and after the patch.
I am rebuilding efiction! Join us on irc! #efiction at
PM them to Tammy...I'd just be forwarding them to her anyway.
