XFileSharing Pro - No referral, No files download but user request payout $5

verzing
Posts: 174
Joined: Mar 02, 2011 7:00 pm

No referral, No files download but user request payout $5

#1 Postby verzing » Aug 23, 2012 6:40 pm

Today on my site there is 1 user from Russia; he has 1 file in his account (that file has no downloads) and he has no referrals. But he requested a payout of $5.

I don't know how he can do that...

PowerChaos
Posts: 521
Joined: Dec 19, 2009 5:12 pm

#2 Postby PowerChaos » Aug 23, 2012 10:57 pm

Does she have credits in her account?
If yes, then it was probably a MySQL injection.

If no,
then it was probably a script override with a command that gets used to request the payout, and she figured that part out.

But my guess is that it was the SQL injection she did to add money to her account.

Greetings From PowerChaos

verzing
Posts: 174
Joined: Mar 02, 2011 7:00 pm

#3 Postby verzing » Aug 24, 2012 1:28 am

That account was created on 8/18/2012 and requested a payout on the same date. And she has credit. I logged in to her account and I see that she has 1931 downloads.

Does anyone know how to fix it? Or is this a bug of XFS?

ankurs
Posts: 1054
Joined: Mar 10, 2009 2:34 am

#4 Postby ankurs » Aug 24, 2012 1:45 pm

The user might have deleted the files which had those downloads.

verzing
Posts: 174
Joined: Mar 02, 2011 7:00 pm

#5 Postby verzing » Aug 25, 2012 3:57 am

That account was registered at 2012-08-18 17:15
and requested a payout at 2012-08-18 17:15:58

It's impossible.

DimS
Posts: 20
Joined: Feb 11, 2012 8:47 am

#6 Postby DimS » Aug 27, 2012 7:29 pm

Can you research the Apache log with the user's IP?

ankurs
Posts: 1054
Joined: Mar 10, 2009 2:34 am

#7 Postby ankurs » Aug 28, 2012 9:42 am

verzing wrote: That account was registered at 2012-08-18 17:15
and requested a payout at 2012-08-18 17:15:58
It's impossible.

It's pretty much impossible, unless your server time was messed up.

admin
Site Admin
Posts: 1839
Joined: Mar 22, 2006 12:32 pm

#8 Postby admin » Aug 28, 2012 11:35 am

Yeah, better to check the access logs for the user's IP, so you will know exactly how it was done. Of course, if you have access logs enabled.
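
Added example, not part of the thread and not XFileSharing Pro code: one way to do the access-log check suggested above, pulling every request from one client IP in a window around the registration and payout times and listing them in order. It assumes Apache's "combined" log format and that the application's timestamps use the same clock and time zone as the web server; the IP address and the /PLACEHOLDER/ paths are constructed sample values.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["ts"], TS_FMT)
    except ValueError:
        return None
    return rec

def timeline(lines, ip, start, end):
    """Requests from `ip` with start <= time <= end, oldest first."""
    recs = (parse_line(l) for l in lines)
    hits = [r for r in recs if r and r["ip"] == ip and start <= r["time"] <= end]
    return sorted(hits, key=lambda r: r["time"])

def path_counts(hits):
    """Count (method, path without query string) pairs: what was called, how often."""
    return Counter((r["method"], r["path"].split("?", 1)[0]) for r in hits)

# Constructed sample lines; the IPs and /PLACEHOLDER/ paths are not from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Aug/2012:17:15:02 +0000] "POST /PLACEHOLDER/register HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Aug/2012:17:15:40 +0000] "POST /PLACEHOLDER/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Aug/2012:17:15:41 +0000] "GET /PLACEHOLDER/file HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'truncated or malformed line',
    '203.0.113.7 - - [18/Aug/2012:17:15:58 +0000] "POST /PLACEHOLDER/payout?x=1 HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Aug/2012:09:00:00 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Assumption: window is expressed in the same time zone as the log (+0000 here).
    start = datetime.strptime("18/Aug/2012:17:10:00 +0000", TS_FMT)
    end = datetime.strptime("18/Aug/2012:17:20:00 +0000", TS_FMT)
    hits = timeline(SAMPLE_LOG, "203.0.113.7", start, end)
    for r in hits:
        print(r["time"].isoformat(), r["method"], r["path"], r["status"])
    print(path_counts(hits))
```

On a real server, pass the lines of the access log file instead of `SAMPLE_LOG`; if the log's UTC offset differs from the time shown in the admin panel, shift the window accordingly before comparing.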