[Official] WARNING: For Public Rapidleech Servers. Read Special Security Updates

Status
Not open for further replies.

Palooo 2009

WARNING:
For Public Rapidleech Servers. Special Security Updates

A bug was found in the insert_location() function (download system) which reveals premium cookies and base64-encoded auth-strings to end users. The premium accounts of rapidleech servers providing premium-account downloads to the public are in danger of having their premium accounts compromised!

Private rapidleech servers are safe for now, but are strongly encouraged to upgrade.

A standard auth system for premium accounts has been put in place; any premium plugins not adhering to the new standard will either be compromised or will not work with the new system. Premium account data using base64 authorization is no longer passed via the insert_location function; instead it is retrieved internally.

A new premium cookie encryption system has been implemented (due to the complexity of the cookie system and to keep load on 3rd-party servers to a minimum, cookies are encrypted instead, and then decrypted when needed). There is a new $secretkey in accounts.php, which is used for cookie encryption.

A standard key is included, but you must create your own random string, max 56 characters in length.

The Rapidshare, Hotfile, Megaupload and Netload premium systems have been updated. Other filehost premium plugins will need to be updated if needed (this includes paid-for plugins also).

Please replace the old files in your rapidleech with the new security updated files as structured in the zip file below:

Add classes/blowfish.php
Add classes/class.pcrypt.php
Replace classes/other.php
Replace configs/accounts.php
Replace hosts/download/hotfile_com.php
Replace hosts/download/megaupload_com.php
Replace hosts/download/netload_in.php
Replace hosts/download/rapidshare_com.php
Replace index.php

This link is direct:
Code:
http://rapidshare.com/files/395697523/Security_Rapidleech.zip
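As an added example (my own code, not Rapidleech's or the post author's), here is a Python check an operator can run over whatever the server hands the client (the download location, response headers or page body) to confirm that no premium cookie or base64 auth-string from accounts.php reaches the end user, plus a check that $secretkey has been replaced and fits the 56-byte limit. The account values, the default-key placeholder and the URLs are constructed.

```python
import base64
import urllib.parse
from typing import Dict, List

# Constructed stand-in for the premium account data kept in configs/accounts.php
# (hypothetical values, not real credentials and not Rapidleech code).
PREMIUM_ACCOUNTS: Dict[str, Dict[str, str]] = {
    "rapidshare_com": {"user": "premiumuser", "pass": "s3cretpass", "cookie": ""},
    "hotfile_com": {"user": "", "pass": "", "cookie": "auth=9f8e7d6c5b4a"},
}

# Placeholder for the standard key shipped in accounts.php; operators must replace it.
SHIPPED_DEFAULT_KEY = "CHANGE-ME-DEFAULT-KEY"


def secrets_for(accounts: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map every string that must never reach the end user to a label:
    raw premium cookies and the base64 'user:pass' auth-string a plugin
    would send in an Authorization header."""
    found: Dict[str, str] = {}
    for host, acc in accounts.items():
        if acc.get("cookie"):
            found[acc["cookie"]] = f"{host} premium cookie"
        if acc.get("user") and acc.get("pass"):
            token = base64.b64encode(f"{acc['user']}:{acc['pass']}".encode()).decode()
            found[token] = f"{host} base64 auth-string"
    return found


def find_leaks(client_visible: str, accounts: Dict[str, Dict[str, str]]) -> List[str]:
    """Labels of every secret present in text handed to the client
    (redirect location, HTML, headers); URL-encoded copies count too."""
    leaks = []
    for secret, label in secrets_for(accounts).items():
        variants = {secret, urllib.parse.quote(secret, safe=""), urllib.parse.quote_plus(secret)}
        if any(v in client_visible for v in variants):
            leaks.append(label)
    return sorted(leaks)


def secretkey_ok(key: str) -> bool:
    """$secretkey must be replaced, non-empty and at most 56 bytes
    (Blowfish, the cipher behind classes/blowfish.php, takes keys up to 56 bytes)."""
    n = len(key.encode("utf-8"))
    return 1 <= n <= 56 and key != SHIPPED_DEFAULT_KEY


# Constructed examples: a pre-fix location that embeds the account secret in what
# the browser receives, and a fixed one that carries only an opaque server-side handle.
LEAKY_LOCATION = ("http://dl.example.com/files/1/file.zip?auth="
                  + urllib.parse.quote(base64.b64encode(b"premiumuser:s3cretpass").decode(), safe=""))
SAFE_LOCATION = "http://dl.example.com/files/1/file.zip?session=opaque-server-side-id"
```

Run find_leaks over captured redirects and headers after upgrading; any non-empty result means the old insert_location() behaviour is still reachable somewhere.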
12 comments
Gah, okay. My friend, Rapidleech code is not actually messy, but it really looks messy because of the core coding we did. We made it hard and comprehensive to stop abuse of it. If it's not comprehensive, then why could no one find this vulnerability/bug until we found it?

Anyway, why don't we stop arguing? This topic is for security. I hope you understand what I want to say. ;)