Thanks very much for the update and for fixing it!

Exploiting a vulnerability =/= creating a vulnerability. But you're right, unfinished code probably was exploited.

Well, I'm glad you saw this at any rate. Just get this ship fixed up and tighten the bolts that are loose so people can't retrace this guy's steps.

Although on the bit about being discreet, I do understand people online have a history of not giving a shit until shit breaks publically and reveals much stuff people tried to keep secure, so I don't blame you for this route - I just think people would have taken you plenty seriously if you'd done it the way I suggested above (and also because you hacked into the admin's account, which of things to take seriously is pretty damn high up there).

Error
404
Sorry, the page /editprofile.php?request=47f8bb3b84a1c1b6848cfbe30a68aa9c&reset=b23bef2902d7878a81a0b324ac9565b2 does not exist

Oh BOY I just LOVE to see that there's no way to reset my password when I don't remember what it is, yessirree!

this is not the hacker's fault, of course, he/she could not know that the password reset was broken

historical note - sorry if this comes off as mean, wasn't in the best of moods for obvious reasons