Hello,
IPTV Smarters Exploit
Be careful with this application, this can affect your server (destroy / steal)... See the concept of theft:
The absolute state of this code
PHP:
session_start();
if (file_exists("functions.php")) {
    include_once "functions.php";
    if (isset($_FILES["logoImage"])) {
        $target_dir = "../images/";
        $target_file = $target_dir . basename($_FILES["logoImage"]["name"]);
        if (move_uploaded_file($_FILES["logoImage"]["tmp_name"], $target_file)) {
            echo "images/" . $_FILES["logoImage"]["name"];
            exit;
        }
        echo "errorImage";
        exit;
    }
    ...
This will have been 0dayed for a long time, the quality of development is so so bad with iptv. That will accept any file from anyone. Ridiculous.
Certainly! my friend. Those responsible for the smarters contacted me and informed that it is one without many problems. They don't really know anything.
Added a patch:
Yep, tried it and it works
How can we be sure that this patch is safe to use?
As you joined the forum 6 months ago
and only have 1 post which is this patch
Nothing personal intended, I was purely just asking a question.
Hi Mobilehacks,
You don't have to trust me if you don't want to, the patch source is open.
But I think I'm the wrong person to have questions about, I would personally rather question the IPTV Smarters quality.
It is not new that IPTV Smarters does not inspire confidence. At least for me ...
Now it has only been exposed in the media.
<?php
//Vulnerability 1: Arbitrary File Upload
if (isset($_FILES["logoImage"])) {
    //added to check file extensions
    // PATHINFO_EXTENSION makes pathinfo() return the extension string instead of an array
    $file_ext = pathinfo($_FILES['logoImage']['name'], PATHINFO_EXTENSION);
    $extensions = array("jpeg", "jpg", "png", "JPEG", "JPG", "PNG");
    if (in_array($file_ext, $extensions) === false) {
        echo 'Not a valid file ext.';
        die("Error");
    }
    //end of check
    $target_dir = "../images/";
    $target_file = $target_dir . basename($_FILES["logoImage"]["name"]);
    if (move_uploaded_file($_FILES["logoImage"]["tmp_name"], $target_file)) {
        echo "images/" . $_FILES["logoImage"]["name"];
        exit;
    }
    echo "errorImage";
    exit;
}
//Vulnerability 2: Code Injection
if (isset($_POST["action"]) && $_POST["action"] == "installation") {
    //check to see if form data came from same REFERER
    // the Referer header is sent by the client; a request without one skips this check
    if ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']))) {
        if (strtolower(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($_SERVER['HTTP_HOST'])) {
            die("Error");
        }
    }
    //end check
    $response["result"] = "no";
    // the POST values below are written into the PHP file as received
    $content = "<?php \n";
    $content .= "\$XCStreamHostUrl = \"" . $_POST["HostUrlVal"] . "\";" . "\n";
    $content .= "\$XClogoLinkval = \"" . $_POST["logoLinkval"] . "\";" . "\n";
    $content .= "\$XCcopyrighttextval = \"" . $_POST["copyrighttextval"] . "\";" . "\n";
    $content .= "\$XCcontactUslinkval = \"" . $_POST["contactUslinkval"] . "\";" . "\n";
    $content .= "\$XChelpLinkval = \"" . $_POST["helpLinkval"] . "\";" . "\n";
    $content .= "\$XClicenseIsval = \"" . $_POST["licenseIsval"] . "\";" . "\n";
    $content .= "\$XClocalKey = \"" . $_POST["LocalKey"] . "\";" . "\n";
    $content .= "\$XCsitetitleval = \"" . $_POST["sitetitleval"] . "\";" . "\n";
    $content .= "?>";
    if (file_exists("../configuration.php")) {
        unlink("../configuration.php");
    }
    $fp = fopen("../configuration.php", "w");
    fwrite($fp, $content);
    fclose($fp);
    // 511 decimal is 0777 octal
    chmod("../configuration.php", 511);
    if (file_exists("../configuration.php")) {
        $response["result"] = "yes";
    }
    echo json_encode($response);
    exit;
}
?>
This would be a good solution instead of removing the snips, if not please correct me if I'm wrong.
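Added example, not part of the thread and not IPTV Smarters code: one way to close both issues discussed above, the upload that "will accept any file from anyone" and the installer that concatenates POST values into configuration.php. The function names, the 1 MiB size cap and the 0640 file mode are assumptions; the field names come from the posted code, and the caller is assumed to have authenticated the request, since a Referer header is supplied by the client.

```php
<?php
// Added example with hypothetical helper names; not IPTV Smarters code.

// Upload: allow-list by detected content type and never reuse the client filename.
function store_logo(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 1048576) { // 1 MiB cap (assumed)
        throw new RuntimeException('upload rejected');
    }
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a JPEG or PNG image');
    }
    // Server-generated name: the extension comes from the allow-list, not the request.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

// Config: var_export() emits an escaped PHP string literal, so quotes, backslashes
// or "$" in a submitted value stay data when configuration.php is included.
function render_config(array $post): string
{
    $fields = [
        'XCStreamHostUrl' => 'HostUrlVal', 'XClogoLinkval' => 'logoLinkval',
        'XCcopyrighttextval' => 'copyrighttextval', 'XCcontactUslinkval' => 'contactUslinkval',
        'XChelpLinkval' => 'helpLinkval', 'XClicenseIsval' => 'licenseIsval',
        'XClocalKey' => 'LocalKey', 'XCsitetitleval' => 'sitetitleval',
    ];
    $out = "<?php\n";
    foreach ($fields as $var => $key) {
        $value = isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
        $out .= '$' . $var . ' = ' . var_export($value, true) . ";\n";
    }
    return $out;
}

function write_config(array $post, string $path): void
{
    if (file_put_contents($path, render_config($post), LOCK_EX) === false) {
        throw new RuntimeException('could not write configuration');
    }
    chmod($path, 0640); // owner read/write, group read (assumed); the original used 511 (0777)
}

// Constructed sample value containing quotes and a "$":
echo render_config(['sitetitleval' => 'Demo "quoted" $title \'x\'']);
```

Serving the images directory with script execution disabled adds a second layer, because a stored file is then never interpreted as code.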
Thank you for your work.