Yeah, white-hat on the wave here, I think I found an SQL injection hole at the download script... I tried this as the query and it worked

[thanks for notifying us, the problem will be taken care of asap: -Zafar]

I am not too good at this yet so I am not sure if it could be used for anything! If it really is something or you jsut wanna contact me you can add me to your MSN : mailto:coverflow@gmail.com or add me to MSN !!

O.o
Ok. I don't know what that is!
Hopefully a mod will talk to Zafar.

ill talk to Zafar ASAP

Hope you'll mail me

mail: coverflow@gmail.com

yes i will, after iv talked to Zafar the site admin.

Alright, Fungus IM'd me about it. There does seem to be a security issue, thanks for notifying us. I have emailed Nadeem (nkolia) who coded the script and I told him to email you about it. We should have this fixed asap. Also I'm gona remove the code from your post so that other people don't create more folders or someone possilbly does something malicious.