:O I use Gesior acc, when will the new Acc be launched?
No one here, as far as I know, is making a new Acc. But the Marlex will come when 0.4 is released, and Modern AAC can already be checked out from SVN.
Ye, also you were fooled too cuz your "team" is adding exploits to your gesior aac so they can hack any server without including you. I got fooled once but you're being fooled right now and more and more by the day..
Omg, man, thanks, I fixed all in my wrong acc.
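To protect your acc you have to change these functions in buypoints.php to:

    function check_code_daopay($appcode, $prodcode, $pin)
    {
        // Validate BEFORE the values are placed in the URL: letters and digits only.
        // preg_match() replaces ereg(), which was removed in PHP 7.
        if (preg_match('/[^0-9A-Za-z]/', $appcode) || preg_match('/[^0-9A-Za-z]/', $prodcode) || preg_match('/[^0-9A-Za-z]/', $pin)) {
            die("xD");
        }
        $handle = fopen("https://daopay.com/svc/pincheck?appcode=".$appcode."&prodcode=".$prodcode."&pin=".$pin, 'r');
        if ($handle)
        {
            $status = fgets($handle, 128);
            fclose($handle);
            // 1 = the service answered "ok", 2 = any other answer
            if (strncmp((string) $status, 'ok', 2) === 0)
                $return = 1;
            else
                $return = 2;
        }
        else
            $return = 3; // 3 = the service could not be reached
        return $return;
    }

    function check_code_dotpay($code, $posted_code, $user_id, $type)
    {
        // Reject anything that is not a letter or digit before building the URL.
        if (preg_match('/[^0-9A-Za-z]/', $code) || preg_match('/[^0-9A-Za-z]/', $posted_code) || preg_match('/[^0-9A-Za-z]/', $user_id) || preg_match('/[^0-9A-Za-z]/', $type)) {
            die("Nice try !");
        }
        $handle = fopen("http://dotpay.pl/check_code.php?id=".$user_id."&code=".$code."&check=".$posted_code."&type=".$type."&del=0", 'r');
        if (!$handle) {
            // The service could not be reached: return an empty result instead of reading from a failed handle.
            return array(false, '');
        }
        $status = fgets($handle, 8);
        $czas_zycia = fgets($handle, 24); // lifetime of the code, as returned by the service
        fclose($handle);
        $czas_zycia = rtrim($czas_zycia);
        return array($status, $czas_zycia);
    }
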
What example is this? :S
An old exploit not posted here I think, but which I have removed from my gesior aac lately.
In buypoints.php in function check_code_dotpay and probably check_code_daopay there is a possibility of code injection.
An example of code which we need to post in code field to get premium points for free...
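
Why the alphanumeric check closes this hole, as an added example that is not part of the thread or of Gesior AAC: the check URL is built by string concatenation, so a field containing `&` or `=` changes which parameters the payment service receives. The helper names `is_alnum_field` and `build_check_url` and all sample values are made up for illustration; the URL and parameter names are the ones in `check_code_dotpay`.

```php
<?php
// Added example, not Gesior code. is_alnum_field() and build_check_url()
// are hypothetical helpers; the URL and parameter names come from
// check_code_dotpay() in this thread.

// Allow-list check: non-empty, ASCII letters and digits only.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
// (Stricter than the posted patch, which lets empty values through.)
function is_alnum_field($value)
{
    return is_string($value) && preg_match('/\A[0-9A-Za-z]+\z/', $value) === 1;
}

// Returns the check URL, or null if any field fails validation.
// http_build_query() percent-encodes every value, so a field can never
// introduce extra parameters even if the validation is relaxed later.
function build_check_url($user_id, $code, $posted_code, $type)
{
    foreach (array($user_id, $code, $posted_code, $type) as $field) {
        if (!is_alnum_field($field)) {
            return null;
        }
    }
    return 'http://dotpay.pl/check_code.php?' . http_build_query(array(
        'id'    => $user_id,
        'code'  => $code,
        'check' => $posted_code,
        'type'  => $type,
        'del'   => 0,
    ));
}

// Constructed sample inputs (not real account ids or codes).
$samples = array(
    'plain'         => 'AB12CD34',
    'has separator' => 'AB12&x=1', // adds a parameter if concatenated
    'has newline'   => "AB12\n",
    'empty'         => '',
);

foreach ($samples as $label => $posted) {
    // Parameters the service would see with plain string concatenation.
    parse_str('check=' . $posted . '&type=C1', $seen);
    $url = build_check_url('12345', 'TIBIA', $posted, 'C1');
    printf("%-14s naive params: %-14s hardened: %s\n", $label,
        implode(',', array_keys($seen)), $url === null ? 'rejected' : $url);
}
```

Only the `plain` sample yields a URL; for `has separator` the concatenated query shows three parameters instead of two, which is the behaviour the validation removes.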
latestnews.php
I suggest removing your news ticker, there is an exploit that allows users to create an account and write their own news. As you think this may not be dire, with the correct script, they could disable people from viewing your website, and redirecting it to theirs. If somebody knows how to patch this, I'd love to post it besides just "Delete it". But I guess I will just write this because my tutorial is more for awareness and pointing out all Gesior exploits, intentional or not. Thank you.
$config['site']['access_tickers'] = 3;