Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Template Shares (http://www.bvlist.com/forumdisplay.php?f=26)
-   -   TSSE v5.6 DECODED (NULLED BY Nightcrawler) (http://www.bvlist.com/showthread.php?t=3580)

Nightcrawler 12th October 2009 14:23

TSSE v5.6 DECODED (NULLED BY Nightcrawler)
 
2 Attachment(s)
attention

Attention


USER REPORT: error.php is a backdoor





I have pretty much nulled this one as far as the eye can see there is no callbacks in any of the code relating to TS
I have also added in the TS ip in the ban list to ensure there is no way the server can be reached.

:ok:

mmisu120000 12th October 2009 15:36

Good job!

I will test it ...

Nightcrawler 12th October 2009 16:23

fix for takeupload....

find...

Code:

unset ($dict['value'][{'created by'}]);
    unset ($dict['value'][{'announce-list'}]);

replace

Code:

unset ($dict['value']['created by']);
    unset ($dict['value']['announce-list']);


DrNet 12th October 2009 18:14

well , login to Staff Panel and click on Users List and u will got this (No user found!) , i think this is because the SQL is not related to v5.6.

Best Regards
DrNet

Nightcrawler 12th October 2009 18:22

Quote:

Originally Posted by DrNet (Post 16467)
well , login to Staff Panel and click on Users List and u will got this (No user found!) , i think this is because the SQL is not related to v5.6.

Best Regards
DrNet

Oh yeh is it just that part thats the problem ill look into that now.

aMiGo1972 12th October 2009 18:23

Good news!
Thankyou very much!

Nightcrawler 12th October 2009 19:38

Quote:

Originally Posted by DrNet (Post 16467)
well , login to Staff Panel and click on Users List and u will got this (No user found!) , i think this is because the SQL is not related to v5.6.

Best Regards
DrNet

did u add any users m8 it doesn't show staff btw. screen shot attached.

C2DaJ 12th October 2009 19:47

Good work, Imma have a look :drink:

DrNet 12th October 2009 19:53

no i didn't , btw u used nulled by aser version right ??

Nightcrawler 12th October 2009 19:57

Quote:

Originally Posted by DrNet (Post 16475)
no i didn't , btw u used nulled by aser version right ??


I used the one that said working not nulled.

DrNet 12th October 2009 20:00

lol , i found the same problem in v5.4.1

Nightcrawler 12th October 2009 20:02

Quote:

Originally Posted by DrNet (Post 16478)
lol , i found the same problem in v5.4.1

Ok you lost me now :)

DrNet 12th October 2009 20:04

i don't know what's wrong , i hope some 1 will fix this soon

Nightcrawler 12th October 2009 20:10

Quote:

Originally Posted by DrNet (Post 16480)
i don't know what's wrong , i hope some 1 will fix this soon


what part?

DrNet 12th October 2009 20:12

Quote:

Originally Posted by Nightcrawler (Post 16482)
what part?

(No user found!)


 









';
  ($res = sql_query ('' . 'SELECT u.*, p.canupload, p.candownload, p.cancomment, p.canmessage, p.canshout, g.namestyle FROM users u LEFT JOIN ts_u_perm p ON (u.id=p.userid) LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE ' . $query . ' ORDER BY u.id DESC '.$limit) OR sqlerr (__FILE__, 137));
  if (1 <= mysql_num_rows ($res))
  {
    while ($arr = @mysql_fetch_array ($res))
    {
      $pic = get_user_icons ($arr);
      $cn = get_user_class_name ($arr['usergroup']);
      echo '






';
    }
 
    echo '
';
    echo '';
  }
  else
  {
    echo '';
  }
Nightcrawler 12th October 2009 20:14

Quote:

Originally Posted by DrNet (Post 16483)
(No user found!)

theres nothing wrong with it you need to add a normal user for it to show it doesn't count staff.

this is the code....

Code:

  if (isset ($_GET['searchby']))
  {
    if ($_GET['searchby'] == 'banned')
    {
      $query = '(u.enabled = \'no\' OR u.usergroup=' . UC_BANNED . ')';
    }
    else
    {
      if ($_GET['searchby'] == 'warned')
      {
        $query = '(u.warned = \'yes\' OR u.leechwarn = \'yes\')';
      }
      else
      {
        if ($_GET['searchby'] == 'donor')
        {
          $query = 'u.donor = \'yes\'';
        }
        else
        {
          if ($_GET['searchby'] == 'vip')
          {
            $query = 'u.usergroup = \'' . UC_VIP . '\'';
          }
          else
          {
            if ($_GET['searchby'] == 'poweruser')
            {
              $query = 'u.usergroup = \'' . UC_POWER_USER . '\'';
            }
            else
            {
              $query = 'u.usergroup = \'' . UC_USER . '\'';
            }
          }
        }
      }
    }
  }
  else
  {
    $query = 'u.usergroup = \'' . UC_USER . '\'';
  }
 
  (($res = sql_query ('SELECT COUNT(*) FROM users WHERE ' . str_replace ('u.', '', $query)) OR sqlerr (__FILE__, 110)) OR sqlerr (__FILE__, 110));
  $row = mysql_fetch_array ($res);
  $count = $row[0];
  $perpage = $ts_perpage;
  list ($pagertop, $pagerbottom, $limit) = pager ($perpage, $count, $_this_script_ . '&' . ($_GET['searchby'] ? 'searchby=' . htmlspecialchars ($_GET['searchby'] . '&') : ''));
  stdhead ('UsersList');
  if (mysql_num_rows ($res) == 0)
  {
    begin_main_frame ();
  }
 
  $users = number_format (tsrowcount ('id', 'users', 'usergroup=\'' . UC_USER . '\''));
  begin_frame ('' . 'Users List (' . $users . ')', true);
  begin_table (true);
  echo '
Search: Show ALL | banned| warned | donor | vip | poweruser
ID Username e-mail Joined DELETE BAN UNBAN
' . $arr[id] . ' ' . get_user_color ($arr['username'], $arr['namestyle']) . ' ' . $pic . ' (' . $cn . ') ' . (($arr['enabled'] == 'no' ? '(banned)' : $arr['usergroup'] == 9) ? '(banned)' : '') . (($arr['warned'] == 'yes' ? '(warned)' : $arr['leechwarn'] == 'yes') ? '(leechwarned)' : '') . '' . htmlspecialchars_uni ($arr['ip']) . ' ' . $arr[email] . ' ' . $arr[added] . '














' . $pagerbottom . '
No user found!

DrNet 12th October 2009 20:21

Quote:

 









';
  ($res = sql_query ('' . 'SELECT u.*, p.canupload, p.candownload, p.cancomment, p.canmessage, p.canshout, g.namestyle FROM users u LEFT JOIN ts_u_perm p ON (u.id=p.userid) LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE ' . $query . ' ORDER BY u.id DESC '.$limit) OR sqlerr (__FILE__, 137));
  if (1 <= mysql_num_rows ($res))
  {
    while ($arr = @mysql_fetch_array ($res))
    {
      $pic = get_user_icons ($arr);
      $cn = get_user_class_name ($arr['usergroup']);
      echo '






';
    }
 
    echo '
';
    echo '';
  }
  else
  {
    echo '';
  }


Originally Posted by Nightcrawler (Post 16484)
theres nothing wrong with it you need to add a normal user for it to show it doesn't count staff.

this is the code....

Code:

  if (isset ($_GET['searchby']))
  {
    if ($_GET['searchby'] == 'banned')
    {
      $query = '(u.enabled = \'no\' OR u.usergroup=' . UC_BANNED . ')';
    }
    else
    {
      if ($_GET['searchby'] == 'warned')
      {
        $query = '(u.warned = \'yes\' OR u.leechwarn = \'yes\')';
      }
      else
      {
        if ($_GET['searchby'] == 'donor')
        {
          $query = 'u.donor = \'yes\'';
        }
        else
        {
          if ($_GET['searchby'] == 'vip')
          {
            $query = 'u.usergroup = \'' . UC_VIP . '\'';
          }
          else
          {
            if ($_GET['searchby'] == 'poweruser')
            {
              $query = 'u.usergroup = \'' . UC_POWER_USER . '\'';
            }
            else
            {
              $query = 'u.usergroup = \'' . UC_USER . '\'';
            }
          }
        }
      }
    }
  }
  else
  {
    $query = 'u.usergroup = \'' . UC_USER . '\'';
  }
 
  (($res = sql_query ('SELECT COUNT(*) FROM users WHERE ' . str_replace ('u.', '', $query)) OR sqlerr (__FILE__, 110)) OR sqlerr (__FILE__, 110));
  $row = mysql_fetch_array ($res);
  $count = $row[0];
  $perpage = $ts_perpage;
  list ($pagertop, $pagerbottom, $limit) = pager ($perpage, $count, $_this_script_ . '&' . ($_GET['searchby'] ? 'searchby=' . htmlspecialchars ($_GET['searchby'] . '&') : ''));
  stdhead ('UsersList');
  if (mysql_num_rows ($res) == 0)
  {
    begin_main_frame ();
  }
 
  $users = number_format (tsrowcount ('id', 'users', 'usergroup=\'' . UC_USER . '\''));
  begin_frame ('' . 'Users List (' . $users . ')', true);
  begin_table (true);
  echo '
Search: Show ALL | banned| warned | donor | vip | poweruser
ID Username e-mail Joined DELETE BAN UNBAN
' . $arr[id] . ' ' . get_user_color ($arr['username'], $arr['namestyle']) . ' ' . $pic . ' (' . $cn . ') ' . (($arr['enabled'] == 'no' ? '(banned)' : $arr['usergroup'] == 9) ? '(banned)' : '') . (($arr['warned'] == 'yes' ? '(warned)' : $arr['leechwarn'] == 'yes') ? '(leechwarned)' : '') . '' . htmlspecialchars_uni ($arr['ip']) . ' ' . $arr[email] . ' ' . $arr[added] . '














' . $pagerbottom . '
No user found!
aha , sorry i got it :drink:

PRODIGY 13th October 2009 19:14

i cant login to staff panel neither change the pincode.....

Nightcrawler 13th October 2009 19:23

Quote:

Originally Posted by PRODIGY (Post 16518)
i cant login to staff panel neither change the pincode.....

did you set the pincode during installation?

PRODIGY 13th October 2009 19:30

Quote:

Originally Posted by Nightcrawler (Post 16519)
did you set the pincode during installation?

yes but i cant login....

Nightcrawler 13th October 2009 19:33

Quote:

Originally Posted by PRODIGY (Post 16520)
yes but i cant login....

any errors?

PRODIGY 13th October 2009 19:37

nothing at all....also i put the users i had in the previous version 5.4.1 and the torrents
users are ok but torrents no....the description of the torrents doesnt apear...language greek

Nightcrawler 13th October 2009 20:20

Quote:

Originally Posted by PRODIGY (Post 16522)
nothing at all....also i put the users i had in the previous version 5.4.1 and the torrents
users are ok but torrents no....the description of the torrents doesnt apear...language greek

it will still be a but buggy from the decoding and is way not ready yet you can try this for the pincode.

Go into phpmyadmin click on pincode add this into the sections...

pincode: a7ddaf65a159a86316f42aa6b599f733
sechash: dd9dd8a56fcb780832c8819fd233a31d
area:1

then pincode will be 1234

Ashur 13th October 2009 23:01

will test out this soon :)

if you make tons of fixes please re-release it as a newer version :D

I hope scrape works on this version, it's very important for me

Corli 14th October 2009 09:54

i have the same problem :P

Nightcrawler 14th October 2009 12:55

Quote:

Originally Posted by DrNet (Post 16533)
Use the encoded Benq file , download the attached file and replace it .

Yeh i tried all these fixes and got no where even tried an older version ill get to the bottom of it even if you comment out that part that creates the error you then get the dict error its enough to drive you mad :fire:

Tony 14th October 2009 17:37

you done a good job nightcrawler and everything works fine on it

dont know why people are having trouble with the scrape as im running it now with uploaded torrents seeding fine :)

thats without ioncube loader btw

Nightcrawler 14th October 2009 18:54

Quote:

Originally Posted by Tony (Post 16550)
you done a good job nightcrawler and everything works fine on it

dont know why people are having trouble with the scrape as im running it now with uploaded torrents seeding fine :)

thats without ioncube loader btw

Cheers for the confirmation on that

francisco23 16th October 2009 03:46

fix for takeedit.php

find...
PHP Code:

unset ($dict['value'][{'created by'}]);
      unset (
$dict['value'][{'announce-list'}]); 

replace
PHP Code:

unset ($dict['value']['created by']);
      unset (
$dict['value']['announce-list']); 

Quote:

Originally Posted by DrNet (Post 16533)
Use the encoded Benq file , download the attached file and replace it .

Thanks DrNet
now if it works well thanks


gets the following error to have configured the script follows the image of the left side shows the error and Cultural UP right there not a way to set to avoid having to bring the following to create a torrent.

http://mmmmmmmmmmmmmmm/announce.php?...f33da02d3b6591

Ideally, only to place the

http://mmmmmmmmmmmmmmm/announce.php

pergo 17th October 2009 01:15

error
 
hi,

i can't install this version i get a error that de database file most be uploaded in binary ??? step5

i'm ussing plesk9.0 windows2003.

i want to test it.

thanks in advanced

FireDK 17th October 2009 14:18

Great job with the nulling. Many thanks!

I have a problem with my install, though: when I go into the Track Settings to configure my install, I get a "An error has occured! MySQL Error!" page on every option in the left side menu.

Since it's not a specific error, I have no idea what's causing it so I can try and fix it.
If anybody has any ideas, please share.

My install is a test on localhost, with Apache 2.2.14, PHP 5.3.0 and MySQL 5.1.39

Nightcrawler 17th October 2009 14:26

Quote:

Originally Posted by FireDK (Post 16590)
Great job with the nulling. Many thanks!

I have a problem with my install, though: when I go into the Track Settings to configure my install, I get a "An error has occured! MySQL Error!" page on every option in the left side menu.

Since it's not a specific error, I have no idea what's causing it so I can try and fix it.
If anybody has any ideas, please share.

My install is a test on localhost, with Apache 2.2.14, PHP 5.3.0 and MySQL 5.1.39

Is it windows?



Quote:

Originally Posted by pergo (Post 16580)
hi,

i can't install this version i get a error that de database file most be uploaded in binary ??? step5

i'm ussing plesk9.0 windows2003.

i want to test it.

thanks in advanced

transfer it with ftp in binary mode.

FireDK 17th October 2009 14:54

Quote:

Originally Posted by Nightcrawler (Post 16591)
Is it windows?

Yeah, it is.



I've managed to narrow down the error to this part of the /include/ts_functions.php (around line 540).

Code:

if (0 < count ($updateuser))
    {
      (sql_query ('UPDATE users SET ' . implode (', ', $updateuser) . ('' . ' WHERE id=' . $id)) OR sqlerr (__FILE__, 378));
    }

This lead me to line 87 of the same file, inside the sql_query function.

Code:

$__return = mysql_query ($_run_query);
Here I get this error:

Code:

Query: UPDATE users SET page = '/admin/managesettings.php?do=main&sessionhash=okgljrdtjg3lucgicvnpe9p1a1&tshash=948fe263ac6c9faf86a9d5885cc25cdb', last_login = '2009-10-17 15:22:36', last_access = NOW() WHERE id=3

Error: Data too long for column 'page' at row 1

So I guess the 'page' column shouldn't be so small in the install script (create_tables.php, line 1191). I've modified it to a 'mediumtext' and all seems OK for now.

Code:

Original: `page` varchar(100) NOT NULL default \'\',

Modified: `page` mediumtext NOT NULL,


Nightcrawler 17th October 2009 14:58

Quote:

Originally Posted by FireDK (Post 16593)
Yeah, it is.
I've managed to narrow down the error to this part of the /include/ts_functions.php (around line 540).

Well I heard there was a bug in php 5.3.0 with "php5.3.0/ext/php_mysql.dll"
and what you need to do is download phpbb5.2 and replace the "php_mysql.dll" in it in the Php5.3 directory.

fireman 18th October 2009 05:26

nice work

konvolut 18th October 2009 11:43

changing Tracksettings
 
At first ty nightcrawler for your perfect work. But still having problems with changing Tracksettings.
Did anyone has a reason why i cant change the trackersettings. Settings are not saved for me after setting. ty

Nightcrawler 18th October 2009 11:46

Are your config files readable/writable by server?

konvolut 18th October 2009 12:01

Change settings
 
Ty, it was really a chmod problem in config dir. Sry! But an important question, what are the right permissions in this directory? Because in installation guide it shows like Chmod 0777 but I think its unbelieveable becuase every user can read and execute files in config dir. And htaccess dont work for me with lighty webserver. Best regards

Nightcrawler 18th October 2009 12:04

best to fix all settings then make them just readable by server only.

konvolut 18th October 2009 12:34

seetings
 
okay, ty again. Last question. I have also a big problem with recaptcha. I set in to on and now To use reCAPTCHA you must get an API key from...!

Okay my mistake but I have there an account and keys. But now I cant change to Trackersettings again because this mistake. Did someone know where are the settings in DB to change login without recaptcha manually or where i can put into my keys manually to login again and make it clean?

_______________________________________________
EDIT

I fixed it...!


All times are GMT +2. The time now is 11:58.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.