Btiteam / XBTIT Forum

Simple Machines Forum
Welcome, Guest. Please login or register.
Did you miss your activation email?

News: xbtit 3.1 is here now.

 


  • Home
  • Forum
  • Help
  • Staff List
  • Login
  • Register

  • Btiteam / XBTIT Forum »
  • Forum »
  • xbtit »
  • XBTIT Support »
  • Multiple Vulnerabilities in XBTIT
« previous next »
  • Print
Pages: [1]   Go Down

Author Topic: Multiple Vulnerabilities in XBTIT  (Read 1096 times)

Offline fatdragon

  • Jr. Member
  • **
  • Posts: 16
  • Karma: +0/-0
Logged
Multiple Vulnerabilities in XBTIT
« on: October 13, 2019, 03:14:40 PM »
Has these been addressed yet !?

https://rastating.github.io/xbtit-multiple-vulnerabilities/

Offline King Cobra

  • XBTIT Maintainer / Developer
  • Administrator
  • Hero Member
  • ******
  • Posts: 654
  • Karma: +0/-0
  • xbtitFM Administrator
Logged
Re: Multiple Vulnerabilities in XBTIT
« Reply #1 on: October 13, 2019, 03:38:19 PM »
I know some xss has been fixed

Team Viewer

Offline fatdragon

  • Jr. Member
  • **
  • Posts: 16
  • Karma: +0/-0
Logged
Re: Multiple Vulnerabilities in XBTIT
« Reply #2 on: October 13, 2019, 08:03:53 PM »
I also see some patches on that link and recommendation to upgrade!

Offline King Cobra

  • XBTIT Maintainer / Developer
  • Administrator
  • Hero Member
  • ******
  • Posts: 654
  • Karma: +0/-0
  • xbtitFM Administrator
Logged
Re: Multiple Vulnerabilities in XBTIT
« Reply #3 on: October 15, 2019, 03:44:59 AM »
Quote from: fatdragon on October 13, 2019, 08:03:53 PM
I also see some patches on that link and recommendation to upgrade!
If you want you can become a contributor on the github cause I'm the only one & I have other xbtit scripts to work on besides this one also

Team Viewer

Offline fatdragon

  • Jr. Member
  • **
  • Posts: 16
  • Karma: +0/-0
Logged
Re: Multiple Vulnerabilities in XBTIT
« Reply #4 on: October 16, 2019, 06:53:48 PM »
Yea, sure..I am also checking my old 2.0 code into git as I am making lots of changes to the prviate tracker..I created few hack in last few days to only allow certain old torrent clients! I tested while I brought server down for 4/5 days with various clients and etc..I share the small hack here in case someone can use!
So now I have to watch the server..make sure members can use it properly and watch these pissed off cheaters/hackers!  after that few more weeks of taxes and stuff and then I need to get to 2.6 version. which then I can provide feedback in upgrade and hack my way! I ain't no expert..but if I need to get anything done I will do it! don't matter what it is.system, security, network, development, devops and etc..! still wish I could retire though! Give me some time so I can catch up with 2.6 codebase!

I might have pissed lots of trollers and php hackers after i brought the tracker back online! lol!
I see them trying to get back in again and use the exploit to use it into their ratio cheater clients!
Code: [Select]
69.89.31.90 - - [16/Oct/2019:20:39:47 -0700] "GET /index.php?page=torrent-details&id=7050b650beec861626e8e152281befe7b1b035051111111111111%27%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45)%20--%20/*%20order%20by%20%27as HTTP/1.1" 403 336 "-" "-"


Quote from: King Cobra on October 15, 2019, 03:44:59 AM
Quote from: fatdragon on October 13, 2019, 08:03:53 PM
I also see some patches on that link and recommendation to upgrade!
If you want you can become a contributor on the github cause I'm the only one & I have other xbtit scripts to work on besides this one also

  • Print
Pages: [1]   Go Up
« previous next »
  • Btiteam / XBTIT Forum »
  • Forum »
  • xbtit »
  • XBTIT Support »
  • Multiple Vulnerabilities in XBTIT
 


Powered by EzPortal
  • SMF 2.0.17 | SMF © 2019, Simple Machines
  • XHTML
  • RSS
  • WAP2