HDBits Bitmetv exploit

**iNSOMNiA** · 02-24-2007, 02:44 AM

Originally Posted by crossfade

no they ip-banned valerio (xrevx is no admin, he's not even staff)

Originally Posted by seppypom

he may have been banned, but two days ago he was an admin

Ah thanks seppy, i knew i was right...as always

next time double check your "infos" crossfade

**bytetorrent** · 02-24-2007, 04:23 AM

Originally Posted by crossfade

Originally Posted by Jaits

i m sure it is true...

when i hacked them a while back, i read their staff forums, and they were fighting against that other hd tracker (bit-hdtv)... and they were downloading movies from there to post them on their own tracker and also planning on how to take them out... back then bit-hdtv had security vunreabilities so they didnt have to use their users passwords (and i dont recall seeing any table that logged them in clear text).. they just hacked them and logged in as them... its not hard though to modify the login script to store the plaintext password as well...

omg are they that easy to hack or what? you'd think private BT sites care about security...

how ?? RFI/LFI ,SQL INJECTION or XSS??

**Sentient** · 02-24-2007, 05:55 AM

a bitmetv admin presented the following two lines of what is presumably an IRC log as "proof."

10.10.29 [user] THEN WHY THE F**K WAS MY PASSKEY BEING USED ON UR F**KING RSS FEED
10.10.29 » (Valerio) why do you care? it would've been unnoticible if i had moved the thing before i changed it :S

**crossfade** · 02-24-2007, 09:02 AM

Originally Posted by iNSOMNiA

Originally Posted by seppypom

he may have been banned, but two days ago he was an admin

Ah thanks seppy, i knew i was right...as always

next time double check your "infos" crossfade

where am i wrong?
valerio, who always was hdbits admin, was banned at bmtv
xrevx is just a hdbits vip

**bananaca** · 02-24-2007, 09:03 AM

I was a member of that site but my account is probably already disabled due to inactivity.

**Texan** · 02-28-2007, 01:31 PM

So what happened finally ?

**Ne'tu** · 02-28-2007, 01:45 PM

Really nothing interesting.

**fit4trading** · 02-28-2007, 03:45 PM

Ahh the pathetic mods... Running here and there all day trying to be a little more elite than others and all they end up with is getting disabled (or fighting bitterly)... What a pathetic life... Its sad to see that the private tracker community has such bitter feelings towards each other. The average user still enjoys...

**kalpesh** · 02-28-2007, 04:04 PM

By Hdbits
In response to the random claim that we know all your passwords and can/will use them on bitmetv if you have the same password there, I would like to point out that the only trace of your password stored in the database is your passhash.
This is a 128bit md5 hash of your password and a 20 character long random string.
For those of you who that makes no sense to, it means all that is stored is something like 1055d3e698d289f2af8663725127bd4b....which cannot be reversed back into your password.

**shalako** · 02-28-2007, 05:10 PM

Originally Posted by kalpesh

By Hdbits
For those of you who that makes no sense to, it means all that is stored is something like 1055d3e698d289f2af8663725127bd4b....which cannot be reversed back into your password.

That's not exactly true. they can be reversed.

Thread: HDBits Bitmetv exploit

Thread Tools

Bookmarks

Bookmarks

Posting Permissions