Info exploit xtream codes

[chris]

Last days some new methond attack happened, anyone have information for patch file allow input this sql injection

 

[leadersat]

Last days some new methond attack happened, anyone have information for patch file allow input this sql injection

How do you know it was injection and not just brute forced. Was the attack at your panel login or your SQL admin. Also what version number is the xtream UI your using.

 

[chris]

How do you know it was injection and not just brute forced. Was the attack at your panel login or your SQL admin. Also what version number is the xtream UI your using.

this new attack is more advance than that
is some exploit in base files

 

[leadersat]

this new attack is more advance than that
is some exploit in base files

They would still need some way in to your server to attack it. Either by ssh access or as I mentioned above. You say they changing base files, which files have you noticed have been changed. Are the files they have changed allowing a backdoor for easy access. More info on your part would help to be able to find a solution.

 

[chris]

attack not change files, dont access by ssh, not by panel
is SQL injection, only do querys in DB

 

[chris]

Please stop send me PM about this topic
At moment i dont have more information

 

[abelcustoms]

Please stop send me PM about this topic
At moment i dont have more information

the attack is not sql injection, its known as a CLI injection, the method is very similar to a Snyk CLI Exploit released this last September.

 

[shitping]

the attack is not sql injection, its known as a CLI injection, the method is very similar to a Snyk CLI Exploit released this last September.

And do you have a fix to stop this CLI injection?

 

[abelcustoms]

And do you have a fix to stop this CLI injection?

nope, it's the reason why I don't use XUI or even XUI One. There is the saying, you pay for what you get for. It's the main reason why many are making their own xui API compatible panels with built-in better security. Once you see the source code, you can identify where and how to get into the panel by injecting in calls that do not have proper checks. Because it was poorly written, you get these results. A quick example of how to use request URI and be able to get "ALL" accounts inside the panel except admin.
REQUEST_URI/live/zihin61/170322/38132.ts?token=SENdBBYMEwlAUlRZUl1QBQ8AAFZRDloOBFoGUQMHXg4HB1RSVlEJA1JAGhpHEURUWA9oCFEbWQsPCAMCTUFNRFYTagwBRgsRU1MHDABVFB0bFl4MUBtZCQEMBgFZVQ4BAE0XFQwAEwlAUQMBBlQUHRsHTxVQSw1ZW2ZUVRcKW1IRW1sQCQgdEQ0MaVxRCFdfXUANQwUbTxpeSkASW0FsQkEKFTEACFRYDQ9DVl0OV0JADVlBdFcMVl5UEGMIEVNSRwgXSUcGWEcQA0JdFl8UAwpSA0MZGwBXQldEQhhBAhVnMxdJRwFJRwcMRVFbCxQLGxZEQxkbCktoS1VDFRFdVl4ER0dfRgERTkBbWUw6VV5XDFICQVAMVkQbChJQQRQVXg5bDBELQ2wSC1IaDkcECQ1VDkNI With the proper tools you can inject and get access to pretty much every user. Tools like these are offered by a close group sharing new backdoors and methods to get past the auth system.

 

[chris]

exploit use last attack is not for bypass user auth
it was some kind breach allow sql queries
the guy who has this script is laughing reading these silly comments

 

[shitping]

nope, it's the reason why I don't use XUI or even XUI One. There is the saying, you pay for what you get for. It's the main reason why many are making their own xui API compatible panels with built-in better security. Once you see the source code, you can identify where and how to get into the panel by injecting in calls that do not have proper checks. Because it was poorly written, you get these results. A quick example of how to use request URI and be able to get "ALL" accounts inside the panel except admin.
REQUEST_URI/live/zihin61/170322/38132.ts?token=SENdBBYMEwlAUlRZUl1QBQ8AAFZRDloOBFoGUQMHXg4HB1RSVlEJA1JAGhpHEURUWA9oCFEbWQsPCAMCTUFNRFYTagwBRgsRU1MHDABVFB0bFl4MUBtZCQEMBgFZVQ4BAE0XFQwAEwlAUQMBBlQUHRsHTxVQSw1ZW2ZUVRcKW1IRW1sQCQgdEQ0MaVxRCFdfXUANQwUbTxpeSkASW0FsQkEKFTEACFRYDQ9DVl0OV0JADVlBdFcMVl5UEGMIEVNSRwgXSUcGWEcQA0JdFl8UAwpSA0MZGwBXQldEQhhBAhVnMxdJRwFJRwcMRVFbCxQLGxZEQxkbCktoS1VDFRFdVl4ER0dfRgERTkBbWUw6VV5XDFICQVAMVkQbChJQQRQVXg5bDBELQ2wSC1IaDkcECQ1VDkNI With the proper tools you can inject and get access to pretty much every user. Tools like these are offered by a close group sharing new backdoors and methods to get past the auth system.

A good proxy with geo block, Tor block, Mod Security , Fail2ban aso for main

And for LB you can level up the Security with geo block or allow only and again tor block.

Then you will be reasonable safe i think.

 

[chris]

A good proxy with geo block, Tor block, Mod Security , Fail2ban aso for main

And for LB you can level up the Security with geo block or allow only and again tor block.

Then you will be reasonable safe i think.

No, is that problem LB
LB have some vulnerability, bypass queries
Someone have that script running in match