Nightw0lf

Everything posted by Nightw0lf

  1. using sunrise is like going to jail but for real :D check config.java if the corresponding config files have any typo or capital to lower case mistype, it's very common for projects
  2. all of your forms can be faked it does not change and it's used for all of your forms lol
  3. me throw oil on the fire
  4. i didn't insult you... listen to that, vodafone...
  5. whoever signs up for a connection in 2019 with ote/wind etc is a sucker, there are new companies that offer from 50mbps up to 1gbps with low ping for less money, you just have to look into what is available in your area (i'm talking about thessaloniki and athens)
  6. btw your website has a serious vulnerability VuGnsl8k5ZKsPUxniMb1I8XK2TbnILwCtcGUpA9X somebody can hack into another's account and pretend to be him and act like him (change pass, spend money, anything) also this script gives away all your "secrets"

     <script type="text/javascript">
     $(document).ready(function(){
       function verifyLogin(e){
         $.ajax({
           url:"/verifyLogin/"+$(e.target).val()+"",
           dataType: 'JSON',
           method: 'GET',
           success : function(vl){
             if(vl.message=="ok"){
               $(e.target).siblings("#message-email-log").html("<p style='color:green;'>Found email</p>").hide().fadeIn(800);
             }else{
               $(e.target).siblings("#message-email-log").html("<p style='color:red;'>Mail not found</p>").hide().fadeIn(800);
             }
           }
         });
       }
       function verifymailReg(e){
         $.ajax({
           url:"/verifyLogin/"+$(e.target).val()+"",
           dataType: 'JSON',
           method: 'GET',
           success : function(vl){
             if(vl.message=="ok"){
               $(e.target).siblings("#message-email-reg").html("<p style='color:white;'>Email not available</p>").hide().fadeIn(800);
             }else{
               $(e.target).siblings("#message-email-reg").html("<p style='color:#92EC00;'>Email available</p>").hide().fadeIn(800);
             }
           }
         });
       }
       function verifyPassword(e){
         $.ajax({
           url:"/verifyPassword/"+$(e.target).val()+"/"+$(e.target).parents('#form-login-in').find('#email').val()+"",
           dataType: 'JSON',
           method: 'GET',
           success : function(vl){
             console.log(vl.dbpass+" "+vl.requestpass);
             if(vl.message=="ok"){
               $(e.target).siblings("#message-password-log").html("<p style='color:green;'>Correct password</p>").hide().fadeIn(800);
             }else{
               $(e.target).siblings("#message-password-log").html("<p style='color:red;'>Wrong password</p>").hide().fadeIn(800);
             }
           }
         });
       }
       $("#email").blur(function(e){
         if($(e.target).val()!=""){
           verifyLogin(e);
         }
       });
       $("#myform-registrationUser").submit(function(e){
         event.preventDefault();
         var a = $(e.target);
         var url="/customRegister";
         var data = $(this).serializeArray();
         var token = $("#token").val();
         $.ajax({
           url : url,
           data : data,
           dataType : 'JSON',
           method : 'POST',
           headers: {'X-CSRF-TOKEN': token},
         }).done(function(response){
           if(response.errors){
             a.find("#message-name-reg").html(response.errors.name).fadeIn(400);
             a.find("#message-email-reg").html(response.errors.email).fadeIn(400);
             a.find("#message-password-reg").html(response.errors.password).fadeIn(400);
           }
           if(response.message=="ok"){
             window.location.replace("/message-registration");
           }
         });
       });
       $("#form-send-mail").submit(function(e){
         e.preventDefault();
         if($(e.targer).find("#email").val()=="" || $(e.targer).find("#subject").val()=="" || $(e.targer).find("#content").val()==""){
           alert("kha");
         }else{
           $.ajax({
             url: "/ckeckMail",
             method: "GET",
             data: $("#form-send-mail").serializeArray(),
             dataType: 'JSON',
           }).done(function(response){
             if(response.errors){
               console.log(response.errors);
             }else{
               window.location.replace("/sendMail");
             }
           });
         }
       });
       $('[data-toggle="tooltip"]').tooltip();
       var id_banners = [];
       var id_premiums = [];
       $("a").each(function(index){
         if($(this).hasClass("active_banner")){
           id_banners.push($(this).attr("id"));
         }
         if($(this).hasClass("active_premium")){
           id_premiums.push($(this).attr("id"));
         }
       });
       setTimeout(function(){
         $.ajax({
           url: "/updateImpresions",
           method: "POST",
           data: {ids : id_banners, idsp : id_premiums},
           dataType: "JSON",
           success : function(e){
             //console.log("Update impressions");
           },
           error : function(e){
             console.log("An error ocurred:"+e.error);
           }
         });
       },100);
       $(".active_banner").click(function(){
         var id = $(this).attr("id");
         $.ajax({
           url: "/updateClick",
           method: "POST",
           data: {id : id},
           dataType: "JSON",
           success : function(e){
             console.log(e.message);
           },
           error : function(e){
             console.log("An error ocurred");
           }
         });
       });
       $(".visit").click(function(){
         var id = $(this).attr("id");
         $.ajax({
           url: "/updateVisit",
           method: "POST",
           data: {id : id},
           dataType: "JSON",
           success : function(e){
             console.log(e.message);
           },
           error : function(e){
             console.log("An error ocurred");
           }
         });
       });
       $(".active_premium").click(function(){
         var id = $(this).attr("id");
         $.ajax({
           url: "/updatePremiumClick",
           method: "POST",
           data: {id : id},
           dataType: "JSON",
           success : function(e){
             console.log(e.message);
           },
           error : function(e){
             console.log("An error ocurred");
           }
         });
       });
       var elements = $('#sign_modal_overlay, #sign_modal');
       var body = $("body");
       var modal = document.getElementById('sign_modal_overlay');
       document.addEventListener("keydown", function(event) {
         if(event.keyCode === 27){
           elements.removeClass('active');
           body.css({"overflow-y":"visible"});
         }
       });
       window.onclick = function(event){
         if(event.target == modal){
           elements.removeClass('active');
           body.css({"overflow-y":"visible"});
         }
       }
       $('.open-modal-login').click(function(){
         elements.addClass('active');
         body.css({"overflow-y":"hidden"});
       });
       $('.close-modal').click(function(){
         elements.removeClass('active');
         body.css({"overflow-y":"visible"});
       });
       var el = $('#contact_modal_overlay, #contact_modal');
       var modalc = document.getElementById('contact_modal_overlay');
       document.addEventListener("keydown", function(event) {
         if(event.keyCode === 27){
           el.removeClass('active');
           body.css({"overflow-y":"visible"});
         }
       });
       window.onclick = function(event){
         if(event.target == modalc){
           el.removeClass('active');
           body.css({"overflow-y":"visible"});
         }
       }
       $('.open-modal-contact').click(function(){
         el.addClass('active');
         body.css({"overflow-y":"hidden"});
       });
       $('.close-modal-contact').click(function(){
         el.removeClass('active');
         body.css({"overflow-y":"visible"});
       });
       $.ajaxSetup({
         headers: {'X-CSRF-TOKEN': $("meta[name='csrf-token']").attr("content")}
       });
     });
     window.onload = function(){
       (function(d, s, id){
         var js, fjs = d.getElementsByTagName(s)[0];
         if (d.getElementById(id)) {return;}
         js = d.createElement(s);
         js.id = id;
         js.src = "//connect.facebook.net/en_US/sdk.js";
         fjs.parentNode.insertBefore(js, fjs);
       }(document, 'script', 'facebook-jssdk'));
       window.fbAsyncInit = function() {
         FB.init({
           appId : '1616853315289008',
           xfbml : true,
           version : 'v2.8'
         });
       };
       $('.btn-facebook').click(function() {
         FB.getLoginStatus(function(response) {
           if (response.status === 'connected') {
             console.log('Already Logged In.');
           } else {
             FB.login();
           }
         });
       });
     }
     </script>
  7. Content Count 83 Joined October 14, 2014 Last visited 15 minutes ago Feedback 0% i also checked his account he only writes bad content indeed i mean it's amazing spending so much time to write all this hate everywhere... this needs effort!
  8. about the prices is a fix plus number of the prices is a multiplier applied on the prices more clues more easy solution
  9. you probably added some rate config to multiply the sell price, did you apply any patches last days you found on some l2jbrazil forums etc?
  10. upload the core for examination you did something
  11. TK nerd mode on. valid tho. thanks for sharing!
  12. read more about sql injection in google because login can do harm on your database https://en.wikipedia.org/wiki/SQL_injection use PDO or if you have old PHP
      $login = mysql_real_escape_string($login);
      or
      $login = preg_replace("/[^a-zA-Z]/", "", $login); // this leaves only letters from a to z + capital, for numbers a-zA-Z0-9
  13. the answer is no-ip.com make account make a new host then you get something like myserver.ddns.net you put in l2.ini myserver.ddns.net and you run the application DUC of no ip in your computer and you have the same IP address even if your router resets. about the port open enter your router and do it not hard you need only 2106, 7777 ports to test go here canyouseeme.org
  14. nice work thank you for sharing, i think you could work a bit with the design if you want my opinion but still its very good!
  15. did you notice the user info even here is broken http://prntscr.com/p7r9wy
  16. i just hacked it just to show you (what is the reward?) and if(1=1, sleep(10), 5222) have fun
  17. and what if i already found a way to enter you some code but i don't want to share with you because you are smarter?
  18. so if i say no? the whole world also no? this is kids response.
  19. https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
  20. you still don't get it, if i cannot it does not mean nobody else can do it... your thinking is about normal users that will use it for simple reason ok, when the real threat comes go tell the admin sorry i know it but you're fucked now and it's too late.
  21. it does not matter if i can but if it can be done in the end. let's talk with facts code needs mysql_connect function of php this requires php max 5.6 while 7, 7.1, 7.2, 7.3, (7.4 soon) mysql_connect function is deprecated and known for sql injection (yes i know you added some prevention on that), what about XSS what about old php (5.6) also PHPMailer needs update because your version has a critical system vulnerability too that is fixed in latest versions and so on, please understand that i don't judge you personally but the system you have is old in all meanings, if i would judge it i would say something like you were boring when you code it 3 functions for emailing for 3 different strings could be done with 1 function sendmail($string)... about the old user thing i just shared something old that only old users might have and it does the work (still not safe still old code and everything)
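
The PDO route recommended in post 12, as an added example that is not code from the original posts: the login is bound as a query parameter, and an allowlist check rejects unexpected input instead of stripping characters from it. The accounts table, its columns, the function names and the sample row are assumptions, and in-memory SQLite (the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example: table, columns, helper names and the sample row are
// constructed for illustration and are not from the original posts.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (login TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO accounts (login, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Allowlist: accept only letters and digits, and reject anything else.
// Stripping with preg_replace() would turn "al'ice" into "alice" and let
// the request continue under a different account name.
function isValidLogin(string $login): bool
{
    return preg_match('/\A[a-zA-Z0-9]{1,16}\z/', $login) === 1;
}

// The login travels to the database as a bound parameter, so it is never
// parsed as part of the SQL text, whatever characters it contains.
function checkLogin(PDO $pdo, string $login, string $password): bool
{
    if (!isValidLogin($login)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM accounts WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a valid login, a wrong password, and a login
// containing a quote character.
var_dump(checkLogin($pdo, 'alice', 'correct horse'));
var_dump(checkLogin($pdo, 'alice', 'wrong password'));
var_dump(checkLogin($pdo, "alice'", 'correct horse'));
```

The mysql_* functions, including mysql_real_escape_string, were removed in PHP 7.0, so PDO (or mysqli) with bound parameters is the option that carries forward.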