phpUploader v2.1 - Opensource php based auto uploader

[Halcyon]

Deathbliss, just a suggestion, don't remove credits when they're not supposed to be removed. Keep that in mind.

I'm officially out of this project now, no more testing/releases from my side. If anyone need help in any regards, please contact lifetalk or somik.

edit: The filemanager is also a free addon in case anyone didn't know.

other things are buggy, but meh. have fun finding them out!

Halcyon Reviewed by Halcyon on 5th Sep 2010. phpUploader v2.1 - Opensource php based auto uploader Wtf is this? Who the heck are you? This is phpUploader. An open source and/or free, php based auto uploader. I'm lifetalk - a pretty much unknown figure around here. What does it do? FFS! I can't be arsed to keep updating this paragraph, lol. This shit does a lot of stuff. Have a look at the changelog. Features: - Downloads from RS/HF/FS/MU (Vanilla and LeechMod) - Extracts files (Vanilla) - Can extract password protected RAR's (Vanilla) Rating: 5

[somik]

erm.... I just checked deathbliss's scripts...

WARNING TO EVERYONE. THE SCRIPT deAthbLisS POSTED IS A SHELL SCRIPT.


Deathbliss, your post has been reported to moderators.

[Daniel]

erm.... I just checked deathbliss's scripts...

WARNING TO EVERYONE. THE SCRIPT deAthbLisS POSTED IS A SHELL SCRIPT. YOUR SERVER WILL BE HACKED AND ALL FILES BE DELETED AND YOUR PREMIUM ACCOUNTS HIJACKED.


Deathbliss, your post has been reported to moderators.

lolwut..

Is this why my hotfile account went from premium to free after i used the script?

Scary

[deAthbLisS]

links deleted from everywhere

i'm off this project.

mods ban me, delete me.. do whatever you want

[Halcyon]

Deathbliss, we don't have any grudge on you.


google for "somik.org transloader Vulnerability" and you'll know what we mean

[somik]

Here are the Vulnerability report on Somik.org Server2Server transloader when used in improper way...

http://www.google.com/search?num=30&...=&oq=&gs_rfai=



This is why i released v2.0 with all the fix that you removed....

[deAthbLisS]

nvm..
people knowing the things about transloader Vulnerability could have PM'd me

but this is what they should not do:
WARNING TO EVERYONE. THE SCRIPT deAthbLisS POSTED IS A SHELL SCRIPT. YOUR SERVER WILL BE HACKED AND ALL FILES BE DELETED AND YOUR PREMIUM ACCOUNTS HIJACKED.

[Halcyon]

I just checked the script, Somik was online and we were discussing about it. You removed the .htaccess file with Somik's script, and that's why it became "vulnerable".

You gotta test things before releasing them mate!

[somik]

lolwut..

Is this why my hotfile account went from premium to free after i used the script?

Scary

I am not sure but i do not think so. A hacker still needs to know the address you uploaded it to. I think it could be hotfile's limit that you crossed which made them cancel your premium account.

I have removed my "guess" from my post and kept it to facts only. The script manager.php is a shell script. The script direct.php is a script that can be used to transload a shell script to your host. I am the owner of "direct.php" and if you look in the source, i have given an option to password protect the script, which was ignored. In my readme file, its clearly stated that:

> Security issue fixed with transloader.
> Now you may set your own password for the script.

The security fix comes as a .htaccess file that directly downloads any files placed in the original "transloaded" folder. This way, shell scripts cannot be executed.

The password protect was there as an added security for those on windows server.

Deathbliss, next time you modify a script, read the readme file atleast. You could also have contacted me via PM or IM about it (like v3g3t4 did) before using my scripts in ways it wasn't meant to be used.

nvm..
people knowing the things about transloader Vulnerability could have PM'd me

if i pmed you and you were not online then all the people who downloaded the script would be at risk.

I have edited my post. I am sorry if i have offended you. My post was not directed towards you. I meant if a hacker knew about that, then they could do that.

Still, i am sorry for offending you.

[Lifetalk]

Alright guys. Enough of all of this. deAthbLisS has pulled all his versions.

Official releases tested/coded by me, somik, DeL, and l0calh0st (the new GUI) are (as of now) Vanilla and LeechMod.

Sandvik if there's something you liked in deAth's mod and it's not included in LeechMod, PM me and I'll add it.