Menu
What's new
Torrentinvites.net

Register to be part of a great torrent community and to find your desired tracker.

FinElite : News

parlok

parlok

Ti.Net Big Boss
Trusted
(iDonated)
Joined
Aug 6, 2013
Messages
2,369
Reaction score
352
Location
The End Of The World
Rating - 100%
115   0   0
Joulukalenteri

Joulukalenteri tulee jälleen!
:)



Jottei keneltäkään mene "ohi" niin...

1.12 alkaen sivuston yläosassa pyörii joulubannerit. Banneria klikkaamalla pääset avaamaan päivän luukun. Menussa on myös tuttuun tapaan teksti, jos et ole avannut kyseisen päivän luukkua (muistutuksena).

Olemme nyt tehneet joulukalenteriin mukavia parannuksia. Visuaalisia muutoksia sekä myös extra bonuksia sen mukaan kuinka monta luukkua olet aukaissut.


Haluamme myös muistuttaa, että vaikka saisit henk.koht freeleech tai gigoja luukuista, niin se ei tarkoita sitä, että voit ladata mielin määrin harrastaen myös hit & runeja!
Click to expand...

Christmas calendar

The Christmas calendar is coming again!

So that no one "passes by" so... From 1.12, Christmas banners will be running at the top of the site. By clicking on the banner, you can open the hatch of the day. As usual, the menu also has a text if you haven't opened the door for that day (as a reminder).
We have now made nice improvements to the Christmas calendar. Visual changes and also extra bonuses depending on how many hatches you have opened.
We also want to remind you that even if you get freeleech or gigs from the hatches, it doesn't mean that you can download to your heart's content while also enjoying hit & runs!
 
parlok

parlok

Ti.Net Big Boss
Trusted
(iDonated)
Joined
Aug 6, 2013
Messages
2,369
Reaction score
352
Location
The End Of The World
Rating - 100%
115   0   0
Security information

Saw a message on Finelite urging users to change their password.
The question that arose from this is why. Investigation started.

Found open ports: 22, 80, 443, 4242 No vulnerable services have been found behind the gates
Tried to upload a php shell backdoor via the image bank => no results
Tried SQL injection both with and without sqlmap => no results
Tried searching for XSS vulnerabilities => no results /nfo/nfogen.php vulnerability found.
This made it possible to read the source code By reading the source code, it became clear that sql injections and other basic security issues are fine MySQL credentials seen in the source code
The credentials found did not work for the site or SSH Run nikto, feroxbuster & gobuster/ffuf (seclists/discovery) Found sysinfotools which revealed the following information: - IP, HDD, RAM, CPU, Kernel & PHP version Apart from the nfogen LFI vulnerability, no other vulnerabilities have been found in Finelite.

Maintenance patched the nfogen LFI vulnerability immediately after receiving the notification For maintenance, it is suggested to rotate MySQL credentials just to be sure. Suggested action for maintenance to hide the server's correct address
Proposed for maintenance to close ports other than 443
 
You must log in or register to reply here.
Top