Hi, found a bug the message system, the place were you guys can had a image, supposelly, you can only had png, jpg, but well, i bypassed that with somefile.php.jpg
meaning the file can be used has an injection for php shells, in other website's.
example url: http://s3.amazonaws.com/satisfaction-...
Best regards