Results 1 to 10 of 13
Threaded View
-
5th Jun 2010, 10:08 PM#1
OPMemberWebsite's:
Rapidleech.com FullMaza.com WarezOcean.com MediaFireForum.com
[Official] WARNING: For Public Rapidleech Servers. Read Special Security Updates
WARNING:
For Public Rapidleech Servers. Special Security Updates
Bug found due to the insert_location() function (download system) which reveals premium cookies and base_64 encoded auth-strings to end user(s). The premium accounts of rapidleech servers providing premium-account downloads to public, are in danger of having their premium accounts compromised!
Private rapidleech servers are safe for now, but are strongly encouraged to upgrade.
Standard auth system for premium accounts is put in place, any premium plugins not adhering to the new standard will either be compromised, or won't work with the new system. Premium account data using base64 authorization are no longer passed via the insert_location function, instead they are retrieved internally.
New premium cookie encryption system implemented (due to the complexity of cookie system and to keep load on 3rd-party servers to a minimum, cookies are encrypted instead, and then decrypted when needed) New $secretkey in accounts.php, which is used for cookie encryption.
A standard key is included, but you must create your own random string, max 56 characters in length
Rapidshare, Hotfile, Megaupload, Netload premium system updated. Other filehost premium plugins will need to be updated, if needed (this includes paid-for plugins also)
Please replace the old files in your rapidleech with the new security updated files as structured in the zip file below:
This link is direct:Add classes/blowfish.php
Add classes/class.pcrypt.php
Replace classes/other.php
Replace configs/accounts.php
Replace hosts/download/hotfile_com.php
Replace hosts/download/megaupload_com.php
Replace hosts/download/netload_in.php
Replace hosts/download/rapidshare_com.php
Replace index.php
Code:http://rapidshare.com/files/395697523/Security_Rapidleech.zipPalooo 2009 Reviewed by Palooo 2009 on . [Official] WARNING: For Public Rapidleech Servers. Read Special Security Updates WARNING: For Public Rapidleech Servers. Special Security Updates Bug found due to the insert_location() function (download system) which reveals premium cookies and base_64 encoded auth-strings to end user(s). The premium accounts of rapidleech servers providing premium-account downloads to public, are in danger of having their premium accounts compromised! Private rapidleech servers are safe for now, but are strongly encouraged to upgrade. Standard auth system for premium accounts Rating: 5
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Defendos Security - Official Thread
By l0calh0st in forum Web Development AreaReplies: 40Last Post: 31st Oct 2012, 03:54 PM -
Security Alert - Warning about Yahoo Browser Plugin for Chrome
By Mr Happy in forum News & Current EventsReplies: 1Last Post: 24th May 2012, 07:11 PM -
List of Free/Public Rapidleech Servers
By manic32 in forum File Host DiscussionReplies: 8Last Post: 26th Feb 2012, 05:22 AM -
Firefox 4 browser won't have any more security updates
By CyberAff in forum News & Current EventsReplies: 0Last Post: 22nd Jun 2011, 05:00 PM -
[Official] Regarding DDL0.com's Downtime & Updates
By SJshah in forum Forum and DDL DiscussionReplies: 26Last Post: 18th Dec 2010, 08:17 PM
Staff Online
themaCreator - create posts from...
Version 3.01 released. Open older version (or...