16  BTITeam / [BTITeam] Comunications / [WARNING] False xbtit support site on: August 04, 2010, 02:59:56 PM

We have just been informed that someone is trying to set up a "new xbtit support forum" (bitlake.org). They made accounts with btiteam developers' nicks and avatars, but they are not us!

This communication is to let everyone know that the official forums for xbtit are:

http://www.btiteam.org : opensource btit/xbtit community
http://private.xbtit.com : premium community (to subscribe: http://xbtit.com/registration)
http://xbtitfm.com/forum : xbtitFM subscriber community (to subscribe: http://xbtitfm.com/LightNEasy.php?page=subscribe)

If you buy "premium" in any way other than those indicated above, don't complain here.

Thank you for your support,
Btiteam
17  BTITeam / [BTITeam] Comunications / [FREE] New xbtit's hacks released today! on: July 02, 2010, 10:11:58 AM


11 hacks were released today by our developers to the opensource community:

[HACK] Advanced Waiting Time by Diemthuy
[HACK] Alternate Torrent's Search
[HACK] Friendlist by Diemthuy
[HACK] Private Messages Spy (admin panel) by Diemthuy
[HACK] Set upload/download speed in MyPanel (linux198)
[HACK] Show/Hide news in the new's block (linux198)
[HACK] Staff Panel
[HACK] Torrent Bar by confe
[HACK] Torrent Details Media Player By Djburn
[HACK] Torrent moderation by losmi
[HACK] Who is online v 1.0 by losmi

you can get them from xbtit hacks area (http://www.btiteam.org/smf/index.php?board=168.0)

Enjoy them and, if you like, just give us feedback ;)

18  BTITeam / [BTITeam] Comunications / Re: [XBTITFM] finally it's out! on: June 25, 2010, 10:44:13 AM
Hi,

i subscribed to xbtitfm for 3 months today but never got any mail or login to download the files.
check your email, I answered yesterday ;)
19  BTITeam / [BTITeam] Comunications / Re: [XBTITFM] finally it's out! on: June 21, 2010, 11:09:54 AM
problem solved
20  BTITeam / [BTITeam] Comunications / Re: [XBTITFM] finally it's out! on: June 18, 2010, 11:21:23 AM
you can add styles, blocks and modules.

@ byzon, please confirm you got the package (contact me for more domains)
21  BTITeam / [BTITeam] Comunications / Re: [XBTITFM] finally it's out! on: June 16, 2010, 10:19:58 AM
problem solved on demo, sorry ;)
22  BTITeam / [BTITeam] Comunications / [XBTITFM] finally it's out! on: June 15, 2010, 10:54:35 AM
Tired of getting stuck on hack installation? Resolving conflicts? Updating the code?

Well, xbtitFM does all this for you!

A brief description from main site:

Quote
This system was created by our developers after a long experience on working in the bittorrent world and most of them begin to collaborate already when we released btit 1.x. After working for 2 years on the core and making new hacks available, we are proud to present our latest "baby"   xbtitFM!

xbtitFM is the best and easiest way to set up a complete bittorrent tracker system; you will be able to add/remove features with a single click!

You'll be able to use it even if you aren't a php guru or a server expert. The main requirements for its use are:

    * Web server (dedicated server is better)
    * Apache or Lighttpd
    * Mysql (4.1 or higher)
    * php (5.2 or higher)
    * root access (you'll need to add php extension)
    * enthusiasm!

 Main features are:

    * Work on Windows and Linux
    * Complete users system
    * Complete torrent control
    * Internal forum  or smf integration
    * Admin Control Panel
    * User Control Panel
    * Many styles
    * Securized signup with captcha
    * Users Groups management
    * 35 preinstalled hacks (monthly grow)
    * monthly update (core and hacks)
    etc

More information, screenshots, demo and subscription on http://xbtitfm.com/
23  BTITeam / [BTITeam] Comunications / [RELEASE] xbtit version 2.1.0 (revision 594) on: May 10, 2010, 04:16:53 PM
xbtit v.2.1.0 - revision 594 (Last commit May 10th 2010)

DOWNLOAD: http://demo.xbtit.com/index.php?page=torrent-details&id=9cc4345fb8f3c8764309700a323c98055565aeb9

- INSTALLATION -

the torrent contains instructions and notes
for xbtt and smf options read the instructions FIRST

- QUICK INSTALL -

CREATE db and db user
UPLOAD files to webroot
POINT browser at site
FOLLOW onscreen instructions
DELETE upgrade.php, install.php, install.unlock

- INSTRUCTIONS TO UPDATE FROM PREVIOUS XBTIT RELEASE -

Backup your Database and all files before proceeding.

SAVE ./include/settings.php
UNINSTALL your hacks
REPLACE all files
RESTORE ./include/settings.php
DELETE upgrade.php, install.php, install.unlock
APPLY your hacks

complete change log:
http://btit-tracker.svn.sourceforge.net/viewvc/btit-tracker/BtitT2/branches/beta/?pathrev=593&view=log

24  BTITeam / [BTITeam] Comunications / Re: [XBTIT VULNERABILITY] URGENT - PROTECTION FIX (ALL REVISIONS < 584) on: April 20, 2010, 03:27:17 PM
yes, sorry I forgot this :)
25  BTITeam / [BTITeam] Comunications / Re: [XBTIT VULNERABILITY] URGENT - PROTECTION FIX (ALL REVISIONS < 584) on: April 15, 2010, 10:57:45 AM
yes, I guess btit versions are affected by same vulnerabilities
26  BTITeam / [BTITeam] Comunications / Re: [XBTIT VULNERABILITY] URGENT - PROTECTION FIX (ALL REVISIONS < 584) on: April 14, 2010, 09:34:04 AM
you can do it like explained on 1st post, just ignore
Code:
/*Mod by losmi - gold mod*/
/*Mod by losmi - sticky mod
Operation #4*/

from your code
27  BTITeam / [BTITeam] Comunications / Re: [XBTIT VULNERABILITY] xbtit "uid" Cookie SQL Injection Vulnerability on: April 13, 2010, 10:28:40 AM
Confirmed, I asked locker to make the post.
28  BTITeam / [BTITeam] Comunications / [XBTIT VULNERABILITY] xbtit "uid" Cookie SQL Injection Vulnerability on: April 12, 2010, 06:09:13 PM
A vulnerability has been discovered in xbtit, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "uid" cookie to the "userlogin()" function in include/functions.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


very quick and easy fix:
in functions.php find
Code:
 $uid=max(0,$CURUSER['uid']);
replace with
Code:
 $uid=max(1,(int)$CURUSER['uid']);

and replace this string:
Code:
$id = (!isset($_COOKIE['uid']))?1:max(1, $_COOKIE['uid']);

to:

Code:
$id = (!isset($_COOKIE['uid']))?1:max(1, (int)$_COOKIE['uid']);
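
Why the cast in the fix above matters, as an added example that is not part of the original post or of xbtit: `max()` compares its arguments numerically but returns the original operand, so without `(int)` a cookie string with trailing text passes through unchanged. The function names, the stricter `uid_strict()` variant and the sample cookie values are assumptions constructed for illustration.

```php
<?php
// Added example (not xbtit code). $cookie stands in for $_COOKIE.

// Pre-fix expression from the post: max() returns the original string operand.
function uid_before_fix(array $cookie)
{
    return (!isset($cookie['uid'])) ? 1 : max(1, $cookie['uid']);
}

// Fixed expression from the post: the (int) cast keeps only the leading
// digits, so whatever reaches the query is always an integer >= 1.
function uid_after_fix(array $cookie)
{
    return (!isset($cookie['uid'])) ? 1 : max(1, (int)$cookie['uid']);
}

// Stricter variant (assumption, hypothetical helper): treat anything that
// is not a clean positive integer as the guest id 1 instead of truncating it.
function uid_strict(array $cookie)
{
    $id = filter_var(
        isset($cookie['uid']) ? $cookie['uid'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    return ($id === false || $id === null) ? 1 : $id;
}

// Constructed sample cookies: absent, well-formed, and digits followed by text.
$samples = array(
    array(),
    array('uid' => '42'),
    array('uid' => '7 constructed trailing text'),
);

foreach ($samples as $cookie) {
    printf(
        "%-40s before=%-32s after=%-4s strict=%s\n",
        json_encode($cookie),
        var_export(uid_before_fix($cookie), true),
        var_export(uid_after_fix($cookie), true),
        var_export(uid_strict($cookie), true)
    );
}
```

For the third sample the pre-fix expression returns the whole string, the fixed expression returns the integer 7, and the strict variant falls back to 1.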
29  BTITeam / [BTITeam] Comunications / Re: [XBTIT VULNERABILITY] URGENT - PROTECTION FIX (ALL REVISIONS < 584) on: April 10, 2010, 11:00:59 AM
the best way is applying manually the patch on already modified torrents.php (with hacks installed)
30  BTITeam / [BTITeam] Comunications / [XBTIT VULNERABILITY] URGENT - PROTECTION FIX (ALL REVISIONS < 584) on: April 09, 2010, 09:46:38 AM
A possible exploit (SQL injection) was discovered in the code; please update your trackers ASAP. Hackers could retrieve your password hash and then access your site as you!

Affected version:
- ALL versions < revision 584

Vulnerable files:
- users.php
- torrents.php

Manual patch:

open users.php
find and replace
Code:
// getting order
          if (isset($_GET["order"]))
               $order=htmlspecialchars($_GET["order"]);
          else
              $order="joined";


          if (isset($_GET["by"]))
              $by=htmlspecialchars($_GET["by"]);
          else
              $by="ASC";
with
Code:
          $order_param=3;
          // getting order
          if (isset($_GET["order"]))
             {
             $order_param=(int)$_GET["order"];
             switch ($order_param)
               {
               case 1:
                    $order="username";
                    break;

               case 2:
                    $order="level";
                    break;

               case 3:
                    $order="joined";
                    break;

               case 4:
                    $order="lastconnect";
                    break;

               case 5:
                    $order="flag";
                    break;
                         
               case 6:
                    $order="ratio";
                    break;

               default:
                   $order="joined";

             }
          }
          else
              $order="joined";


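          // default direction (1 = ASC), so $by_param is defined for the pager link when "by" is absent
          $by_param=1;
          if (isset($_GET["by"]))
           {
              $by_param=(int)$_GET["by"];
              $by=($by_param==1?"ASC":"DESC");
          }
          else
              $by="ASC";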
find and replace
Code:
         list($pagertop, $pagerbottom, $limit) = pager(20, $count,  $scriptname."&amp;" . $addparams.(strlen($addparam)>0?"&amp;":"")."order=$order&amp;by=$by&amp;");
with
Code:
         list($pagertop, $pagerbottom, $limit) = pager(20, $count,  $scriptname."&amp;" . $addparams.(strlen($addparam)>0?"&amp;":"")."order=$order_param&amp;by=$by_param&amp;");
find and replace
Code:
$userstpl->set("users_sort_username", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=username&amp;by=".($order=="username" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_NAME"]."</a>".($order=="username"?$mark:""));
$userstpl->set("users_sort_userlevel", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=level&amp;by=".($order=="level" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_LEVEL"]."</a>".($order=="level"?$mark:""));
$userstpl->set("users_sort_joined", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=joined&amp;by=".($order=="joined" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_JOINED"]."</a>".($order=="joined"?$mark:""));
$userstpl->set("users_sort_lastaccess", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=lastconnect&amp;by=".($order=="lastconnect" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_LASTACCESS"]."</a>".($order=="lastconnect"?$mark:""));
$userstpl->set("users_sort_country", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=flag&amp;by=".($order=="flag" && $by=="ASC"?"DESC":"ASC")."\">".$language["USER_COUNTRY"]."</a>".($order=="flag"?$mark:""));
$userstpl->set("users_sort_ratio", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=ratio&amp;by=".($order=="ratio" && $by=="ASC"?"DESC":"ASC")."\">".$language["RATIO"]."</a>".($order=="ratio"?$mark:""));
with
Code:
$userstpl->set("users_sort_username", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=1&amp;by=".($order=="username" && $by=="ASC"?"2":"1")."\">".$language["USER_NAME"]."</a>".($order=="username"?$mark:""));
$userstpl->set("users_sort_userlevel", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=2&amp;by=".($order=="level" && $by=="ASC"?"2":"1")."\">".$language["USER_LEVEL"]."</a>".($order=="level"?$mark:""));
$userstpl->set("users_sort_joined", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=3&amp;by=".($order=="joined" && $by=="ASC"?"2":"1")."\">".$language["USER_JOINED"]."</a>".($order=="joined"?$mark:""));
$userstpl->set("users_sort_lastaccess", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=4&amp;by=".($order=="lastconnect" && $by=="ASC"?"2":"1")."\">".$language["USER_LASTACCESS"]."</a>".($order=="lastconnect"?$mark:""));
$userstpl->set("users_sort_country", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=5&amp;by=".($order=="flag" && $by=="ASC"?"2":"1")."\">".$language["USER_COUNTRY"]."</a>".($order=="flag"?$mark:""));
$userstpl->set("users_sort_ratio", "<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=6&amp;by=".($order=="ratio" && $by=="ASC"?"2":"1")."\">".$language["RATIO"]."</a>".($order=="ratio"?$mark:""));
save and close.


open torrents.php
find and replace
Code:
    // getting order
    if (isset($_GET["order"]))
         $order=htmlspecialchars(mysql_real_escape_string($_GET["order"]));
    else
        $order="data";

    $qry_order=str_replace(array("leechers","seeds","finished"),array($tleechs,$tseeds, $tcompletes),$order);

    if (isset($_GET["by"]))
        $by=htmlspecialchars(mysql_real_escape_string($_GET["by"]));
    else
        $by="DESC";


    list($pagertop, $pagerbottom, $limit) = pager($torrentperpage, $count,  $scriptname."&amp;" . $addparam.(strlen($addparam)>0?"&amp;":"")."order=$order&amp;by=$by&amp;");
with
Code:
    // getting order
    $order_param=3;
    if (isset($_GET["order"]))
       {
         $order_param=(int)$_GET["order"];
         switch ($order_param)
           {
           case 1:
                $order="cname";
                break;
           case 2:
                $order="filename";
                break;
           case 3:
                $order="data";
                break;
           case 4:
                $order="size";
                break;
           case 5:
                $order="seeds";
                break;
           case 6:
                $order="leechers";
                break;
           case 7:
                $order="finished";
                break;
           case 8:
                $order="dwned";
                break;
           case 9:
                $order="speed";
                break;
           default:
               $order="data";
               
         }

    }
    else
        $order="data";

    $qry_order=str_replace(array("leechers","seeds","finished"),array($tleechs,$tseeds, $tcompletes),$order);

    $by_param=2;
    if (isset($_GET["by"]))
      {
        $by_param=(int)$_GET["by"];
        $by=($by_param==1?"ASC":"DESC");
    }
    else
        $by="DESC";


    list($pagertop, $pagerbottom, $limit) = pager($torrentperpage, $count,  $scriptname."&amp;" . $addparam.(strlen($addparam)>0?"&amp;":"")."order=$order_param&amp;by=$by_param&amp;");
find and replace
Code:
$torrenttpl->set("torrent_pagertop",$pagertop);
$torrenttpl->set("torrent_header_category","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=cname&amp;by=".($order=="cname" && $by=="ASC"?"DESC":"ASC")."\">".$language["CATEGORY"]."</a>".($order=="cname"?$mark:""));
$torrenttpl->set("torrent_header_filename","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=filename&amp;by=".($order=="filename" && $by=="ASC"?"DESC":"ASC")."\">".$language["FILE"]."</a>".($order=="filename"?$mark:""));
$torrenttpl->set("torrent_header_comments",$language["COMMENT"]);
$torrenttpl->set("torrent_header_rating",$language["RATING"]);
$torrenttpl->set("WT",intval($CURUSER["WT"])>0,TRUE);
$torrenttpl->set("torrent_header_waiting",$language["WT"]);
$torrenttpl->set("torrent_header_download",$language["DOWN"]);
$torrenttpl->set("torrent_header_added","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=data&amp;by=".($order=="data" && $by=="ASC"?"DESC":"ASC")."\">".$language["ADDED"]."</a>".($order=="data"?$mark:""));
$torrenttpl->set("torrent_header_size","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=size&amp;by=".($order=="size" && $by=="DESC"?"ASC":"DESC")."\">".$language["SIZE"]."</a>".($order=="size"?$mark:""));
$torrenttpl->set("uploader",$SHOW_UPLOADER,TRUE);
$torrenttpl->set("torrent_header_uploader",$language["UPLOADER"]);
$torrenttpl->set("torrent_header_seeds","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=seeds&amp;by=".($order=="seeds" && $by=="DESC"?"ASC":"DESC")."\">".$language["SHORT_S"]."</a>".($order=="seeds"?$mark:""));
$torrenttpl->set("torrent_header_leechers","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=leechers&amp;by=".($order=="leechers" && $by=="DESC"?"ASC":"DESC")."\">".$language["SHORT_L"]."</a>".($order=="leechers"?$mark:""));
$torrenttpl->set("torrent_header_complete","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=finished&amp;by=".($order=="finished" && $by=="ASC"?"DESC":"ASC")."\">".$language["SHORT_C"]."</a>".($order=="finished"?$mark:""));
$torrenttpl->set("torrent_header_downloaded","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=dwned&amp;by=".($order=="dwned" && $by=="ASC"?"DESC":"ASC")."\">".$language["DOWNLOADED"]."</a>".($order=="dwned"?$mark:""));
$torrenttpl->set("torrent_header_speed","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=speed&amp;by=".($order=="speed" && $by=="ASC"?"DESC":"ASC")."\">".$language["SPEED"]."</a>".($order=="speed"?$mark:""));
$torrenttpl->set("torrent_header_average",$language["AVERAGE"]);
with
Code:
$torrenttpl->set("torrent_pagertop",$pagertop);
$torrenttpl->set("torrent_header_category","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=1&amp;by=".($order=="cname" && $by=="ASC"?"2":"1")."\">".$language["CATEGORY"]."</a>".($order=="cname"?$mark:""));
$torrenttpl->set("torrent_header_filename","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=2&amp;by=".($order=="filename" && $by=="ASC"?"2":"1")."\">".$language["FILE"]."</a>".($order=="filename"?$mark:""));
$torrenttpl->set("torrent_header_comments",$language["COMMENT"]);
$torrenttpl->set("torrent_header_rating",$language["RATING"]);
$torrenttpl->set("WT",intval($CURUSER["WT"])>0,TRUE);
$torrenttpl->set("torrent_header_waiting",$language["WT"]);
$torrenttpl->set("torrent_header_download",$language["DOWN"]);
$torrenttpl->set("torrent_header_added","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=3&amp;by=".($order=="data" && $by=="ASC"?"2":"1")."\">".$language["ADDED"]."</a>".($order=="data"?$mark:""));
$torrenttpl->set("torrent_header_size","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=4&amp;by=".($order=="size" && $by=="DESC"?"1":"2")."\">".$language["SIZE"]."</a>".($order=="size"?$mark:""));
$torrenttpl->set("uploader",$SHOW_UPLOADER,TRUE);
$torrenttpl->set("torrent_header_uploader",$language["UPLOADER"]);
$torrenttpl->set("torrent_header_seeds","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=5&amp;by=".($order=="seeds" && $by=="DESC"?"1":"2")."\">".$language["SHORT_S"]."</a>".($order=="seeds"?$mark:""));
$torrenttpl->set("torrent_header_leechers","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=6&amp;by=".($order=="leechers" && $by=="DESC"?"1":"2")."\">".$language["SHORT_L"]."</a>".($order=="leechers"?$mark:""));
$torrenttpl->set("torrent_header_complete","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=7&amp;by=".($order=="finished" && $by=="ASC"?"2":"1")."\">".$language["SHORT_C"]."</a>".($order=="finished"?$mark:""));
$torrenttpl->set("torrent_header_downloaded","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=8&amp;by=".($order=="dwned" && $by=="ASC"?"2":"1")."\">".$language["DOWNLOADED"]."</a>".($order=="dwned"?$mark:""));
$torrenttpl->set("torrent_header_speed","<a href=\"$scriptname&amp;$addparam".(strlen($addparam)>0?"&amp;":"")."order=9&amp;by=".($order=="speed" && $by=="ASC"?"2":"1")."\">".$language["SPEED"]."</a>".($order=="speed"?$mark:""));
$torrenttpl->set("torrent_header_average",$language["AVERAGE"]);
save and close.

your tracker should be patched

Alternatively you can download the attached files and replace yours (maybe back up before) with the new ones.
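
The pattern behind the users.php and torrents.php patch above, as an added example that is not part of the original post or of xbtit: escaping functions protect quoted string values, but an ORDER BY column is an unquoted identifier, so the patch sends an integer in the URL and picks the column name from a fixed list on the server. `resolve_sort()` and the sample requests are hypothetical and constructed; unlike the posted patch, it also resets an out-of-range `order` number to the default before it is echoed into links.

```php
<?php
// Added example (not xbtit code). $get stands in for $_GET.

// Pre-patch handling from users.php: the value is only HTML-escaped, so any
// text without HTML special characters reaches ORDER BY as SQL syntax.
function order_before_patch(array $get)
{
    return isset($get['order']) ? htmlspecialchars($get['order']) : 'joined';
}

// Post-patch idea: the request carries small integers; column and direction
// are looked up server-side, so request text never becomes part of the query.
function resolve_sort(array $get, array $columns, $defaultOrder, $defaultBy)
{
    $orderParam = isset($get['order']) ? (int)$get['order'] : $defaultOrder;
    if (!isset($columns[$orderParam])) {
        $orderParam = $defaultOrder;          // unknown number: fall back
    }
    $byParam = isset($get['by']) ? (int)$get['by'] : $defaultBy;
    $byParam = ($byParam === 1) ? 1 : 2;      // 1 = ASC, anything else = DESC

    return array(
        'order'       => $columns[$orderParam],
        'by'          => ($byParam === 1) ? 'ASC' : 'DESC',
        'order_param' => $orderParam,         // safe to echo into pager links
        'by_param'    => $byParam,
    );
}

// Same numbering as the users.php switch in the post.
$userColumns = array(
    1 => 'username', 2 => 'level', 3 => 'joined',
    4 => 'lastconnect', 5 => 'flag', 6 => 'ratio',
);

// Constructed sample requests: empty, valid, free text, out of range.
$requests = array(
    array(),
    array('order' => '6', 'by' => '2'),
    array('order' => 'ratio, constructed_extra_expression', 'by' => 'ASC'),
    array('order' => '99', 'by' => '-1'),
);

foreach ($requests as $get) {
    $s = resolve_sort($get, $userColumns, 3, 1);
    printf(
        "%s\n  before: ORDER BY %s\n  after:  ORDER BY %s %s (order=%d&by=%d)\n",
        json_encode($get),
        order_before_patch($get),
        $s['order'],
        $s['by'],
        $s['order_param'],
        $s['by_param']
    );
}
```

The third request shows the difference: the pre-patch code places the free text after ORDER BY unchanged, while the lookup yields `joined DESC` because the text casts to 0 and matches no list entry.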
