Btiteam / XBTIT Forum

xbtit => XBTIT Support => Topic started by: fatdragon on October 13, 2019, 03:14:40 PM

Title: Multiple Vulnerabilities in XBTIT
Post by: fatdragon on October 13, 2019, 03:14:40 PM
Have these been addressed yet!?

https://rastating.github.io/xbtit-multiple-vulnerabilities/
Title: Re: Multiple Vulnerabilities in XBTIT
Post by: King Cobra on October 13, 2019, 03:38:19 PM
I know some XSS has been fixed
Title: Re: Multiple Vulnerabilities in XBTIT
Post by: fatdragon on October 13, 2019, 08:03:53 PM
I also see some patches on that link and recommendation to upgrade!
Title: Re: Multiple Vulnerabilities in XBTIT
Post by: King Cobra on October 15, 2019, 03:44:59 AM
I also see some patches on that link and recommendation to upgrade!
If you want, you can become a contributor on the GitHub 'cause I'm the only one & I have other xbtit scripts to work on besides this one also
Title: Re: Multiple Vulnerabilities in XBTIT
Post by: fatdragon on October 16, 2019, 06:53:48 PM
Yea, sure.. I am also checking my old 2.0 code into git as I am making lots of changes to the private tracker.. I created a few hacks in the last few days to only allow certain old torrent clients! I tested while I brought the server down for 4/5 days with various clients, etc.. I share the small hack here in case someone can use it!
So now I have to watch the server.. make sure members can use it properly and watch these pissed off cheaters/hackers! After that, a few more weeks of taxes and stuff and then I need to get to the 2.6 version, which then I can provide feedback on the upgrade and hack my way! I ain't no expert.. but if I need to get anything done I will do it! Don't matter what it is: system, security, network, development, devops, etc.! Still wish I could retire though! Give me some time so I can catch up with the 2.6 codebase!

I might have pissed off lots of trollers and PHP hackers after I brought the tracker back online! lol!
I see them trying to get back in again and use the exploit to use it into their ratio cheater clients!
Code:
69.89.31.90 - - [16/Oct/2019:20:39:47 -0700] "GET /index.php?page=torrent-details&id=7050b650beec861626e8e152281befe7b1b035051111111111111%27%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45)%20--%20/*%20order%20by%20%27as HTTP/1.1" 403 336 "-" "-"


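A defender-side check for requests like the one in the log excerpt above, as an added example that is not part of the thread or of XBTIT's own code: it parses combined-format access-log lines and flags `torrent-details` requests whose `id` is not a plain 40-character hex string, separating probes the server rejected from probes it answered. The 40-hex `id` format, reading status 403 as "blocked", and the sample lines (constructed, using documentation IP addresses and a made-up hash) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) ')
INFO_HASH_RE = re.compile(r'[0-9a-fA-F]{40}')  # assumption: id is a 40-hex info hash
SQL_TOKENS_RE = re.compile(r"\bunion\s+select\b|\bchar\s*\(|'|--|/\*", re.I)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Oct/2019:20:38:01 -0700] "GET /index.php?page=torrent-details'
    '&id=0123456789abcdef0123456789abcdef01234567 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Oct/2019:20:39:47 -0700] "GET /index.php?page=torrent-details'
    '&id=0123456789abcdef0123456789abcdef012345671111%27%20UNION%20SELECT%20'
    'CHAR(45,120,49,45,81,45)%20--%20/*%20order%20by%20%27as HTTP/1.1" 403 336 "-" "-"',
    '203.0.113.9 - - [16/Oct/2019:20:40:02 -0700] "GET /index.php?page=torrent-details'
    '&id=0123456789abcdef0123456789abcdef012345671111%27%20UNION%20SELECT%20'
    'CHAR(45,120,49,45,81,45)%20--%20 HTTP/1.1" 200 9210 "-" "-"',
    '198.51.100.7 - - [16/Oct/2019:20:41:10 -0700] "GET /index.php?page=forum HTTP/1.1" 200 800 "-" "-"',
]

def classify(line):
    """Return a finding dict for a suspicious torrent-details request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    if query.get("page") != ["torrent-details"]:
        return None
    raw_id = query.get("id", [""])[0]  # parse_qs has already percent-decoded it
    if INFO_HASH_RE.fullmatch(raw_id):
        return None  # well-formed id, nothing to report
    reasons = ["id is not a 40-hex info hash"]
    if SQL_TOKENS_RE.search(raw_id):
        reasons.append("SQL keywords or metacharacters in id")
    # Assumption: 403 means the server rejected the request before it reached the query.
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "blocked": m["status"] == "403", "reasons": reasons}

def findings(lines):
    return [f for f in map(classify, lines) if f is not None]

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print("BLOCKED" if f["blocked"] else "REVIEW ", f["ip"], f["time"], f["reasons"])
```

Findings with `blocked` set to false are the ones to review first, since the server answered the request instead of rejecting it.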