The vulnerability isn't just a way for spammers to auto-approve their links. The vulnerability leaves you wide open to all kinds of nasty attacks. How would you like a spammer to get all the income from your directory? How would you like to be locked out of your directory? It's a pretty serious flaw. As for how the spammers get these links submitted... They simply have a program that creates headers and post data, then it is sent directly to your submit.php file as if they filled out the submit form and clicked submit from your site. It's fairly simple to do with the right equipment and/or software.
It doesn't pertain to 3.x nor 2.x now either. I updated the zips personally this morning for David and crew. (2.0 and 2.1) If Tim wants to download and test/mess with it now, he's more than welcome.
I have every faith in your skillz an0n. Have some green for fixing this and my htaccess problem. You guys are da bomb!