Old 9th April 2010, 10:50
Fynnon
New announcement: XBTIT VULNERABILITY
A possible exploit (SQL injection) was discovered in the code; please update your trackers ASAP. An attacker could retrieve password hashes and then access your site as you.

Affected version:
- ALL versions < revision 584

Vulnerable files:
- users.php
- torrents.php


Manual patch:

1. open users.php

find and replace
PHP Code:
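// getting order
//
// Pre-patch code (vulnerable) — this is the text to FIND in users.php.
// $_GET["order"] and $_GET["by"] are copied almost verbatim into $order and
// $by. htmlspecialchars() only encodes HTML metacharacters (<, >, &, quotes);
// it does nothing against SQL syntax, and a column name in an ORDER BY clause
// is not a quoted literal, so escaping cannot make it safe either. The only
// sound fix is a fixed whitelist of column names, which is what the
// replacement below introduces.
// NOTE(review): the query that consumes $order/$by is outside this listing —
// presumably the users ORDER BY; confirm against your users.php.
if (isset($_GET["order"]))
    $order=htmlspecialchars($_GET["order"]);
else
    $order="joined";

if (isset($_GET["by"]))
    $by=htmlspecialchars($_GET["by"]);
else
    $by="ASC";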
with
PHP Code:
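// getting order
//
// The sort column and direction are received as integer codes and mapped
// through a fixed whitelist, so only a column name from this table can ever
// reach the query, and the pager links below carry only the integer codes.
// The codes must match the order=1..6 values used in the sort links further
// down in users.php.
$order_whitelist = array(
    1 => "username",
    2 => "level",
    3 => "joined",
    4 => "lastconnect",
    5 => "flag",
    6 => "ratio",
);
$order_param = 3;                       // default: sort by join date
$order = "joined";
if (isset($_GET["order"])) {
    $order_param = (int)$_GET["order"]; // cast first: non-numeric input becomes 0 and hits the default below
    if (isset($order_whitelist[$order_param])) {
        $order = $order_whitelist[$order_param];
    } else {
        $order_param = 3;               // unknown code: use the default and keep the pager links canonical
    }
}

// 1 = ASC (default), anything else = DESC. $by_param is always initialised
// here because the pager URL below interpolates it (the original patch left
// it undefined when "by" was absent from the request).
$by_param = 1;
$by = "ASC";
if (isset($_GET["by"])) {
    $by_param = ((int)$_GET["by"] == 1) ? 1 : 2; // fold any other value to 2 so URL and query direction agree
    $by = ($by_param == 1) ? "ASC" : "DESC";
}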
find and replace
PHP Code:
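// Pre-patch pager call — this is the text to FIND. The page URL carries the
// raw $order/$by strings; after the patch it carries the integer codes instead.
// NOTE(review): $addparams (plural) next to strlen($addparam) looks like a
// typo in the original file; check which name your users.php actually uses.
list($pagertop, $pagerbottom, $limit) = pager(20, $count, $scriptname."&amp;".$addparams.(strlen($addparam)>0?"&amp;":"")."order=$order&amp;by=$by&amp;");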
with
PHP Code:
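// Patched pager call: only the integer codes $order_param/$by_param are
// written into the page links, never the column name or direction string.
// NOTE(review): $addparams (plural) next to strlen($addparam) looks like a
// typo carried over from the original file; check which name your users.php
// actually defines.
list($pagertop, $pagerbottom, $limit) = pager(20, $count, $scriptname."&amp;".$addparams.(strlen($addparam)>0?"&amp;":"")."order=$order_param&amp;by=$by_param&amp;");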
find and replace
PHP Code:
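// Pre-patch sort-header links — this is the text to FIND. Each link puts the
// column name and the direction string straight into the order=/by= query
// parameters, which is what the vulnerable code above then trusts.
// NOTE(review): $scriptname, $addparam and $mark are interpolated into the
// markup unescaped; they are set elsewhere in users.php — confirm they are
// not derived from request input.
$userstpl->set("users_sort_username", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=username&amp;by=".($order=="username" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_NAME"]."</a>".($order=="username"?$mark:""));
$userstpl->set("users_sort_userlevel", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=level&amp;by=".($order=="level" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_LEVEL"]."</a>".($order=="level"?$mark:""));
$userstpl->set("users_sort_joined", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=joined&amp;by=".($order=="joined" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_JOINED"]."</a>".($order=="joined"?$mark:""));
$userstpl->set("users_sort_lastaccess", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=lastconnect&amp;by=".($order=="lastconnect" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_LASTACCESS"]."</a>".($order=="lastconnect"?$mark:""));
$userstpl->set("users_sort_country", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=flag&amp;by=".($order=="flag" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_COUNTRY"]."</a>".($order=="flag"?$mark:""));
$userstpl->set("users_sort_ratio", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=ratio&amp;by=".($order=="ratio" && $by=="ASC"?"DESC":"ASC")."\">".$language["RATIO"]."</a>".($order=="ratio"?$mark:""));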


with

PHP Code:
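// Patched sort-header links: the query string now carries only integer codes
// (order=1..6, by=1 for ASC / 2 for DESC). The codes must stay in step with
// the whitelist used when "order" is read back. $order/$by still hold the
// resolved column name and direction, so the "currently sorted" comparison
// and the $mark indicator are unchanged.
// NOTE(review): $scriptname, $addparam and $mark are interpolated into the
// markup unescaped; they are set elsewhere in users.php — confirm they are
// not derived from request input.
$userstpl->set("users_sort_username", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=1&amp;by=".($order=="username" && $by=="ASC"?"2":"1")."\">".$language["USER_NAME"]."</a>".($order=="username"?$mark:""));
$userstpl->set("users_sort_userlevel", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=2&amp;by=".($order=="level" && $by=="ASC"?"2":"1")."\">".$language["USER_LEVEL"]."</a>".($order=="level"?$mark:""));
$userstpl->set("users_sort_joined", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=3&amp;by=".($order=="joined" && $by=="ASC"?"2":"1")."\">".$language["USER_JOINED"]."</a>".($order=="joined"?$mark:""));
$userstpl->set("users_sort_lastaccess", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=4&amp;by=".($order=="lastconnect" && $by=="ASC"?"2":"1")."\">".$language["USER_LASTACCESS"]."</a>".($order=="lastconnect"?$mark:""));
$userstpl->set("users_sort_country", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=5&amp;by=".($order=="flag" && $by=="ASC"?"2":"1")."\">".$language["USER_COUNTRY"]."</a>".($order=="flag"?$mark:""));
$userstpl->set("users_sort_ratio", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=6&amp;by=".($order=="ratio" && $by=="ASC"?"2":"1")."\">".$language["RATIO"]."</a>".($order=="ratio"?$mark:""));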


save and close.



2. open torrents.php

find and replace

PHP Code:
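// getting order
//
// Pre-patch code (vulnerable) — this is the text to FIND in torrents.php.
// mysql_real_escape_string() escapes quote characters so a value can sit
// inside a quoted SQL string literal, and htmlspecialchars() encodes HTML
// metacharacters; neither constrains what ends up in $qry_order, which is an
// unquoted ORDER BY expression. Escaping cannot protect an identifier
// position — only a whitelist can, which is what the replacement below does.
if (isset($_GET["order"]))
    $order=htmlspecialchars(mysql_real_escape_string($_GET["order"]));
else
    $order="data";

// Column aliases for the computed seed/leech/completed counts
// (presumably defined earlier in torrents.php).
$qry_order=str_replace(array("leechers","seeds","finished"),array($tleechs,$tseeds,$tcompletes),$order);

if (isset($_GET["by"]))
    $by=htmlspecialchars(mysql_real_escape_string($_GET["by"]));
else
    $by="DESC";

// The raw $order/$by strings are also written into the pager links.
list($pagertop, $pagerbottom, $limit) = pager($torrentperpage, $count, $scriptname."&amp;".$addparam.(strlen($addparam)>0?"&amp;":"")."order=$order&amp;by=$by&amp;");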


with

PHP Code:
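// getting order
//
// The sort column and direction are received as integer codes and mapped
// through a fixed whitelist, so only a column name from this table can reach
// $qry_order (and thus the query), and the pager links carry only the codes.
// The codes must match the order=1..9 values used in the header links
// further down in torrents.php.
$order_whitelist = array(
    1 => "cname",
    2 => "filename",
    3 => "data",
    4 => "size",
    5 => "seeds",
    6 => "leechers",
    7 => "finished",
    8 => "dwned",
    9 => "speed",
);
$order_param = 3;                       // default: sort by date added
$order = "data";
if (isset($_GET["order"])) {
    $order_param = (int)$_GET["order"]; // cast first: non-numeric input becomes 0 and hits the default below
    if (isset($order_whitelist[$order_param])) {
        $order = $order_whitelist[$order_param];
    } else {
        $order_param = 3;               // unknown code: use the default and keep the pager links canonical
    }
}

// Column aliases for the computed seed/leech/completed counts
// (presumably defined earlier in torrents.php).
$qry_order=str_replace(array("leechers","seeds","finished"),array($tleechs,$tseeds,$tcompletes),$order);

// 1 = ASC, 2 = DESC (default). Any other value is folded to 2 so that the
// code in the URL and the direction used in the query always agree.
$by_param = 2;
$by = "DESC";
if (isset($_GET["by"])) {
    $by_param = ((int)$_GET["by"] == 1) ? 1 : 2;
    $by = ($by_param == 1) ? "ASC" : "DESC";
}

// Only the integer codes are written into the page links.
list($pagertop, $pagerbottom, $limit) = pager($torrentperpage, $count, $scriptname."&amp;".$addparam.(strlen($addparam)>0?"&amp;":"")."order=$order_param&amp;by=$by_param&amp;");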



find and replace

PHP Code:
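// Pre-patch torrent table headers — this is the text to FIND. Each sortable
// header puts the column name and the direction string straight into the
// order=/by= query parameters, which the vulnerable code above then trusts.
// Numeric columns (size, seeds, leechers) default to DESC, the rest to ASC.
// NOTE(review): $scriptname, $addparam and $mark are interpolated into the
// markup unescaped; they are set elsewhere in torrents.php — confirm they are
// not derived from request input.
$torrenttpl->set("torrent_pagertop",$pagertop);
$torrenttpl->set("torrent_header_category","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=cname&amp;by=".($order=="cname" && $by=="ASC"?"DESC":"ASC")."\">".$language["CATEGORY"]."</a>".($order=="cname"?$mark:""));
$torrenttpl->set("torrent_header_filename","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=filename&amp;by=".($order=="filename" && $by=="ASC"?"DESC":"ASC")."\">".$language["FILE"]."</a>".($order=="filename"?$mark:""));
$torrenttpl->set("torrent_header_comments",$language["COMMENT"]);
$torrenttpl->set("torrent_header_rating",$language["RATING"]);
$torrenttpl->set("WT",intval($CURUSER["WT"])>0,TRUE);
$torrenttpl->set("torrent_header_waiting",$language["WT"]);
$torrenttpl->set("torrent_header_download",$language["DOWN"]);
$torrenttpl->set("torrent_header_added","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=data&amp;by=".($order=="data" && $by=="ASC"?"DESC":"ASC")."\">".$language["ADDED"]."</a>".($order=="data"?$mark:""));
$torrenttpl->set("torrent_header_size","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=size&amp;by=".($order=="size" && $by=="DESC"?"ASC":"DESC")."\">".$language["SIZE"]."</a>".($order=="size"?$mark:""));
$torrenttpl->set("uploader",$SHOW_UPLOADER,TRUE);
$torrenttpl->set("torrent_header_uploader",$language["UPLOADER"]);
$torrenttpl->set("torrent_header_seeds","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=seeds&amp;by=".($order=="seeds" && $by=="DESC"?"ASC":"DESC")."\">".$language["SHORT_S"]."</a>".($order=="seeds"?$mark:""));
$torrenttpl->set("torrent_header_leechers","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=leechers&amp;by=".($order=="leechers" && $by=="DESC"?"ASC":"DESC")."\">".$language["SHORT_L"]."</a>".($order=="leechers"?$mark:""));
$torrenttpl->set("torrent_header_complete","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=finished&amp;by=".($order=="finished" && $by=="ASC"?"DESC":"ASC")."\">".$language["SHORT_C"]."</a>".($order=="finished"?$mark:""));
$torrenttpl->set("torrent_header_downloaded","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=dwned&amp;by=".($order=="dwned" && $by=="ASC"?"DESC":"ASC")."\">".$language["DOWNLOADED"]."</a>".($order=="dwned"?$mark:""));
$torrenttpl->set("torrent_header_speed","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=speed&amp;by=".($order=="speed" && $by=="ASC"?"DESC":"ASC")."\">".$language["SPEED"]."</a>".($order=="speed"?$mark:""));
$torrenttpl->set("torrent_header_average",$language["AVERAGE"]);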


with

PHP Code:
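// Patched torrent table headers: the query string now carries only integer
// codes (order=1..9, by=1 for ASC / 2 for DESC), which must stay in step with
// the whitelist used when "order" is read back. $order/$by still hold the
// resolved column name and direction, so the "currently sorted" comparison
// and the $mark indicator are unchanged. Numeric columns (size, seeds,
// leechers) default to DESC (2), the rest to ASC (1).
// NOTE(review): $scriptname, $addparam and $mark are interpolated into the
// markup unescaped; they are set elsewhere in torrents.php — confirm they are
// not derived from request input.
$torrenttpl->set("torrent_pagertop",$pagertop);
$torrenttpl->set("torrent_header_category","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=1&amp;by=".($order=="cname" && $by=="ASC"?"2":"1")."\">".$language["CATEGORY"]."</a>".($order=="cname"?$mark:""));
$torrenttpl->set("torrent_header_filename","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=2&amp;by=".($order=="filename" && $by=="ASC"?"2":"1")."\">".$language["FILE"]."</a>".($order=="filename"?$mark:""));
$torrenttpl->set("torrent_header_comments",$language["COMMENT"]);
$torrenttpl->set("torrent_header_rating",$language["RATING"]);
$torrenttpl->set("WT",intval($CURUSER["WT"])>0,TRUE);
$torrenttpl->set("torrent_header_waiting",$language["WT"]);
$torrenttpl->set("torrent_header_download",$language["DOWN"]);
$torrenttpl->set("torrent_header_added","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=3&amp;by=".($order=="data" && $by=="ASC"?"2":"1")."\">".$language["ADDED"]."</a>".($order=="data"?$mark:""));
$torrenttpl->set("torrent_header_size","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=4&amp;by=".($order=="size" && $by=="DESC"?"1":"2")."\">".$language["SIZE"]."</a>".($order=="size"?$mark:""));
$torrenttpl->set("uploader",$SHOW_UPLOADER,TRUE);
$torrenttpl->set("torrent_header_uploader",$language["UPLOADER"]);
$torrenttpl->set("torrent_header_seeds","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=5&amp;by=".($order=="seeds" && $by=="DESC"?"1":"2")."\">".$language["SHORT_S"]."</a>".($order=="seeds"?$mark:""));
$torrenttpl->set("torrent_header_leechers","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=6&amp;by=".($order=="leechers" && $by=="DESC"?"1":"2")."\">".$language["SHORT_L"]."</a>".($order=="leechers"?$mark:""));
$torrenttpl->set("torrent_header_complete","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=7&amp;by=".($order=="finished" && $by=="ASC"?"2":"1")."\">".$language["SHORT_C"]."</a>".($order=="finished"?$mark:""));
$torrenttpl->set("torrent_header_downloaded","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=8&amp;by=".($order=="dwned" && $by=="ASC"?"2":"1")."\">".$language["DOWNLOADED"]."</a>".($order=="dwned"?$mark:""));
$torrenttpl->set("torrent_header_speed","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=9&amp;by=".($order=="speed" && $by=="ASC"?"2":"1")."\">".$language["SPEED"]."</a>".($order=="speed"?$mark:""));
$torrenttpl->set("torrent_header_average",$language["AVERAGE"]);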
save and close.

Your tracker should now be patched.
Old 12th April 2010, 11:35
pedro444
FIX PROTECTION
CORRECTION Security Tracker CyBerFuN xBTiT FULLY MODDED
And I thank WHY enfectado..