next »

[asifshabir]

Hello EMS,

This thread is for aurora exploits and their solutions.
This thread is aim to make aurora more stronger and safer.

All admins/ users/ who found any exploits , may post it here with step by step solution.

Thanks

[Tymer]

Nice topic, if it gets good answers it should get sticky

[donatien]

it should be posted in the private board,

[Tymer]

it should be posted in the private board,

What do you mean?

[cngohar]

it should be posted in the private board,

he mran only gpt site owner can view the thread

[asifshabir]

he mran only gpt site owner can view the thread

If gpt owners had any idea about these threats, they should be have been complaining about any hacking issues

[megojoe]

Steve here

Here or some i found here and there so i hope it helps

========================================================

Bot detector fix
Create htaccess file

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC]
RewriteRule ^(.*)$ http://www.yoursite.com/$1 [L,R=301]


=========================================================

wizards/link.php

prevent people from uploading free credits into your ptc ads


else if(is_ad_blocked($target)) {
         $err="Ad blocked was returned. Please contact support!";
      }
      else if (($daily_limit) <= "24" && ($daily_limit != "0")) {
               $err="Your add must have daily limit of at least 25 clicks, or leave 0 for unlimited!";
            }


*******

else if($adoption1 == "exsistlink") {
      $exsistlink = mysql_real_escape_string($_POST['exsistlink']);
      $sql=$Db1->query("SELECT * FROM ads WHERE id='$exsistlink'");
      $pad=$Db1->fetch_array($sql);
   }

=============================================================
wizards/fad.php


else if($adoption1 == "exsistfad") {
      $exsistfad = mysql_real_escape_string($_POST['exsistfad']);
      $sql=$Db1->query("SELECT * FROM fads WHERE id='$exsistfad'");
      $pad=$Db1->fetch_array($sql);
   }

================================================================

wizards/fbanner.php


else if($adoption1 == "exsistfbanner") {
      $exsistfbanner = mysql_real_escape_string($_POST['exsistfbanner']);
      $sql=$Db1->query("SELECT * FROM fbanners WHERE id='$exsistfbanner'");
      $pad=$Db1->fetch_array($sql);
   }

=============================================================

wizards/ptsu.php file, line 39 to 43 and add what is in bold:

else if($adoption1 == "exsistptsu") {
      $exsistptsu = mysql_real_escape_string($_POST['exsistptsu']);
      $sql=$Db1->query("SELECT * FROM ptsuads WHERE id='$exsistptsu'");
      $pad=$Db1->fetch_array($sql);
   }

============================================================


wizards/ptra.php

else if($adoption1 == "exsistptra") {
           $exsistptra = mysql_real_escape_string($_POST['exsistptra']);
      $sql=$Db1->query("SELECT * FROM ptrads WHERE id='$exsistptra'");
      $pad=$Db1->fetch_array($sql);
   }

===============================================================

wizards/ptr.php

else if($adoption1 == "exsistptr") {
      $exsistptr = mysql_real_escape_string($_POST['exsistptr']);
      $sql=$Db1->query("SELECT * FROM emails WHERE id='$exsistptr'");
      $pad=$Db1->fetch_array($sql);
   }

================================================================

wizards/popups.php


else if($adoption1 == "exsistpopup") {
      $exsistpopup = mysql_real_escape_string($_POST['exsistpopup']);
      $sql=$Db1->query("SELECT * FROM popups WHERE id='$exsistpopup'");
      $pad=$Db1->fetch_array($sql);
   }

=======================================================

wizards/flink.php

else if($adoption1 == "exsistflink") {
      $exsistflink = mysql_real_escape_string($_POST['exsistflink']);
      $sql=$Db1->query("SELECT * FROM flinks WHERE id='$exsistflink'");
      $pad=$Db1->fetch_array($sql);
   }

=======================================================
root
flinkclick.php

$id = mysql_real_escape_string($_REQUEST['id']);

====================================================
root
bannerclick.php

$id = mysql_real_escape_string($_REQUEST['id']);

======================================================
root
fadclick.php

$id = mysql_real_escape_string($_REQUEST['id']);

===================================================

admin edit_flink.php



==================================================

admin flinks.php

==================================================

admin fbanners.php


===================================================

wizards/banner.php

else if($adoption1 == "exsistbanner") {
      $exsistbanner = mysql_real_escape_string($_POST['exsistbanner']);
      $sql=$Db1->query("SELECT * FROM banners WHERE id='$exsistbanner'");
      $pad=$Db1->fetch_array($sql);
   }

=================================================

good luck

Steve

P.s I am working on the one for admin pass word keep getting changed