XFileSharing Pro - Security of xfilesharing pro

uptowatch
Posts: 1
Joined: May 06, 2013 11:51 pm

Security of xfilesharing pro

#1 Postby uptowatch » May 06, 2013 11:53 pm

We are looking to launch some file sharing and video sharing sites, and we have seen in the last few days that some XFileSharing clients have been hacked, so we want to know if this security issue has been solved so that we can order your script and mods, etc.

Thanks

admin
Site Admin
Posts: 1839
Joined: Mar 22, 2006 12:32 pm

#2 Postby admin » May 07, 2013 7:23 am

There are currently no known security issues in XFS.
There was one XSS found recently, but it was already fixed in the current version.

Jesse202
Posts: 246
Joined: May 07, 2010 6:24 pm

#3 Postby Jesse202 » May 07, 2013 2:16 pm

What was that one, admin?

Those sites that were hacked all used the same passwords for admin areas as other sites, as far as I know. They also extracted passwords from an xfile site that stored them in plain text when you clicked on the users tab (custom modded to do so).

admin
Site Admin
Posts: 1839
Joined: Mar 22, 2006 12:32 pm

#4 Postby admin » May 07, 2013 3:01 pm

We only have information about XSS hacking attempts. I mean only confirmed attempts (we have log records of such attempts).

H12
Posts: 23
Joined: Apr 18, 2013 9:44 pm

#5 Postby H12 » May 10, 2013 1:50 am

The only thing to be worried about is to make sure you do not let your users upload dangerous file types such as php files. If the user were to know a little bit about xfilesharing and know where the actual files are stored (not the download page), they could perhaps execute a php shell.

Although I have not tried this myself, it could work in theory, depending on whether or not there are any preventative measures set up to disallow php from being executed within the upload directory. I don't think I saw any, but I could be wrong.

But like I said, the script allows you to determine which file types can and cannot be uploaded so this isn't much of a worry.
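
The file-type restriction discussed in post #5, sketched as an added example (not part of the thread and not XFileSharing's own code). The function name and both extension lists are assumptions made for illustration; the check looks at every extension in the name rather than only the last one.

```python
# Assumed allowlist for a file/video sharing site (constructed for this example).
ALLOWED = {"jpg", "png", "gif", "zip", "rar", "mp4", "avi", "mkv", "pdf", "txt"}
# Extensions a web server may hand to an interpreter (assumed, not exhaustive).
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar", "pl", "cgi",
              "py", "sh", "asp", "aspx", "jsp", "shtml"}


def check_upload_name(name):
    """Return (ok, reason) for a client-supplied upload filename."""
    if "\x00" in name:
        return False, "null byte in name"
    if "/" in name or "\\" in name:
        return False, "path separator in name"
    # Trailing dots and spaces are ignored by some platforms, so drop them
    # before looking at the extension; compare case-insensitively.
    cleaned = name.strip().rstrip(". ").lower()
    if not cleaned or cleaned.startswith("."):
        return False, "empty or dot-file name"
    parts = cleaned.split(".")
    if len(parts) < 2:
        return False, "no extension"
    # Check every extension, not only the last: with some handler setups
    # a name such as shell.php.jpg can still be treated as a script.
    for ext in parts[1:]:
        if ext in EXECUTABLE:
            return False, "executable extension ." + ext
    if parts[-1] not in ALLOWED:
        return False, "extension ." + parts[-1] + " not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample names, not taken from any real site.
    for sample in ["holiday.mp4", "shell.php", "shell.PHP.", "shell.php.jpg",
                   ".htaccess", "archive.tar.gz", "my.vacation.jpg"]:
        print(sample, "->", check_upload_name(sample))
```

A name check like this complements, rather than replaces, configuring the web server so that nothing inside the upload directory is executed.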