11 hacks were released today by our developers to the open-source community:
* [HACK] Advanced Waiting Time by Diemthuy
* [HACK] Alternate Torrent's Search
* [HACK] Friendlist by Diemthuy
* [HACK] Private Messages Spy (admin panel) by Diemthuy
* [HACK] Set upload/download speed in MyPanel (linux198)
* [HACK] Show/Hide news in the new's block (linux198)
* [HACK] Staff Panel
* [HACK] Torrent Bar by confe
* [HACK] Torrent Details Media Player By Djburn
* [HACK] Torrent moderation by losmi
* [HACK] Who is online v 1.0 by losmi
You can get them from the xbtit hacks area (http://www.btiteam.org/smf/index.php?board=168.0).
Enjoy them and, if you like them, give us some feedback.
Tired of getting stuck on hack installation? Resolving conflicts? Updating the code?
Well, xbtitFM does all this for you!
A brief description from the main site:
This system was created by our developers after long experience working in the bittorrent world; most of them had already begun to collaborate when we released btit 1.x. After working for 2 years on the core and making new hacks available, we are proud to present our latest "baby", xbtitFM!
xbtitFM is the best and easiest way to set up a complete bittorrent tracker system; you will be able to add or remove features with a single click!
You'll be able to use it even if you aren't a PHP guru or a server expert. The main requirements for its use are:
* Web server (dedicated server is better)
* Apache or Lighttpd
* Mysql (4.1 or higher)
* php (5.2 or higher)
* root access (you'll need to add php extension)
* enthusiasm!
Main features are:
* Works on Windows and Linux
* Complete users system
* Complete torrent control
* Internal forum or smf integration
* Admin Control Panel
* User Control Panel
* Many styles
* Secured signup with captcha
* Users Groups management
* 35 preinstalled hacks (growing monthly)
* Monthly updates (core and hacks)
* etc.
More information, screenshots, demo and subscription on http://xbtitfm.com/
The torrent contains instructions and notes for xbtt and smf options. Read the instructions FIRST.
- QUICK INSTALL -
* CREATE db and db user
* UPLOAD files to webroot
* POINT browser at site
* FOLLOW onscreen instructions
* DELETE upgrade.php, install.php install.unlock
- INSTRUCTIONS TO UPDATE FROM PREVIOUS XBTIT RELEASE -
Backup your Database and all files before proceeding.
* SAVE ./include/settings.php
* UNINSTALL your hacks
* REPLACE all files
* RESTORE ./include/settings.php
* DELETE upgrade.php install.php install.unlock
* APPLY your hacks
A vulnerability has been discovered in xbtit, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "uid" cookie to the "userlogin()" function in include/functions.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A possible exploit (SQL injection) was discovered in the code. Please update your trackers ASAP: hackers could retrieve your password hash and then access your site as you!
Affected versions:
* ALL versions < revision 584
Vulnerable files:
* users.php
* torrents.php
Manual patch:
Open users.php, then find and replace:

    // getting order
    if (isset($_GET["order"]))
        $order=htmlspecialchars($_GET["order"]);
    else
        $order="joined";

    if (isset($_GET["by"]))
        $by=htmlspecialchars($_GET["by"]);
    else
        $by="ASC";

with:

    $order_param=3;
    // getting order: the request supplies only an integer, which selects
    // one of the fixed column names below
    if (isset($_GET["order"]))
    {
        $order_param=(int)$_GET["order"];
        switch ($order_param)
        {
            case 1: $order="username"; break;
            case 2: $order="level"; break;
            case 3: $order="joined"; break;
            case 4: $order="lastconnect"; break;
            case 5: $order="flag"; break;
            case 6: $order="ratio"; break;
            default: $order="joined";
        }
    }
    else
        $order="joined";

    // sort direction: 1 means ASC, any other value means DESC
    if (isset($_GET["by"]))
    {
        $by_param=(int)$_GET["by"];
        $by=($by_param==1?"ASC":"DESC");
    }
    else
        $by="ASC";


    // getting order
    $order_param=3;
    if (isset($_GET["order"]))
    {
        $order_param=(int)$_GET["order"];
        switch ($order_param)
        {
            case 1: $order="cname"; break;
            case 2: $order="filename"; break;
            case 3: $order="data"; break;
            case 4: $order="size"; break;
            case 5: $order="seeds"; break;
            case 6: $order="leechers"; break;
            case 7: $order="finished"; break;
            case 8: $order="dwned"; break;
            case 9: $order="speed"; break;
            default: $order="data";
        }
    }
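
The manual patch above stops using request text as a column name and instead lets an integer select from a fixed list. The same idea as a reusable helper, shown next to the pre-patch handling, is given here as an added example that is not xbtit's own code: `order_clause` and `USER_SORT_COLUMNS` are hypothetical names, the sample inputs are constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example, not part of xbtit. Names below are hypothetical.

// Allow-list taken from the users.php patch: key => column name.
const USER_SORT_COLUMNS = [
    1 => 'username', 2 => 'level', 3 => 'joined',
    4 => 'lastconnect', 5 => 'flag', 6 => 'ratio',
];

/**
 * Build an ORDER BY clause from untrusted request parameters.
 * The request can only choose a key; every byte of SQL comes from $columns.
 */
function order_clause(array $params, array $columns, int $defaultKey): string
{
    // Strict integer check: rejects arrays, empty values and "3abc".
    $key = filter_var($params['order'] ?? null, FILTER_VALIDATE_INT);
    if ($key === false || !isset($columns[$key])) {
        $key = $defaultKey;
    }
    // Same rule as the patch: 1 (or absent) is ASC, anything else is DESC.
    $dir = (($params['by'] ?? '1') === '1') ? 'ASC' : 'DESC';
    return 'ORDER BY ' . $columns[$key] . ' ' . $dir;
}

// Constructed inputs, shaped like $_GET.
$samples = [
    [],                                              // no parameters
    ['order' => '6', 'by' => '2'],                   // valid key, descending
    ['order' => 'joined,(SELECT 1)', 'by' => '1'],   // SQL text instead of a key
    ['order' => '99'],                               // key outside the list
    ['order' => ['1']],                              // array instead of a scalar
];

foreach ($samples as $get) {
    $raw = $get['order'] ?? 'joined';
    // Pre-patch handling: htmlspecialchars() encodes HTML metacharacters
    // only, so SQL syntax in the value reaches the query unchanged.
    $old = is_string($raw) ? htmlspecialchars($raw) : '(not a string)';
    printf("%-22s | old: %-18s | new: %s\n",
        json_encode($raw), $old, order_clause($get, USER_SORT_COLUMNS, 3));
}
```

Column names and sort directions cannot be bound as prepared-statement parameters, which is why an allow-list is the usual control for `ORDER BY`.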