Public paste
sasa
By: asas | Date: Nov 28 2007 18:49 | Format: None | Expires: never | Size: 3.03 KB | Hits: 665

  1. [Silkroad Exploit Step 1 out of 2]
  2.  
  3. [Joymax account exploit Part 1]
  4. http://www.joymax.com/portal/
  5. - Create a new account
  6.  
  7. Go on the following link: [Here]
  8. Complete the E-mail Verification Service.
  9.  
  10. When you are done.
  11.  
  12. Log out.
  13. Go on http://www.joymax.com/portal/
  14. Go in the Forgot your password
  15. Write your ID and E-mail
  16. click Change Password
  17.  
  18.  
  19. Now before clicking on Send verification code:
  20. Exploit Step #1 start here:
  21.  
  22. http://rev6.com/AccountName.jpg
  23.  
  24. [Tool used do modify the account]
  25.  
  26. FireFox: [Here]
  27.  
  28. FireFox Addons: [Here]
  29.  
  30. Menu: Tools/Web developper/Forms/Display Form Details
  31. Menu: Tools/Web developper/Forms/Enable auto completion
  32.  
  33. You will see the hidden variable UserID="YourAccountName"
  34. You need to type the account name of the guy you want to steal he's account.
  35.  
  36. When it's done, click on [Send Verification Code]
  37.  
  38. You will receive an Email, click on the link on that email
  39. It will ask for the code that was in the email write it and click confirm.
  40.  
  41. It will now ask for a new password
  42. Fell free to do a
  43. Menu: Tools/Web developper/Forms/Display Form Details
  44. You will see that the account name that joymax send you is not your account name
  45. But the target account name that you want to steal he's account.
  46.  
  47. Type the desired password and the First step is done.
  48.  
  49.  
  50. Now you can go on
  51. http://www.joymax.com/portal/
  52. Type the password of the account you just stolen and you can look at he's personal setting on Joymax.com.
  53.  
  54. This is the step 1 of 2.
  55. For security reason we won't release the step 2.
  56.  
  57. The Website password of the target account had changed to the password you have entered on Joymax.com
  58. Now the 2nd step is to modify the Silkroadonline.net password to the Joymax password.
  59. To change he's account password...
  60.  
  61. We will let joymax a 24-48 hours delay before posting how it's done.
  62. If joymax doesn't nothing, everything will go Public.
  63.  
  64. In other word you can Steal someone else, legit or bot account with ONLY THE ACCOUNT NAME!.
  65. I have wasted 42 hours investigating Joymax website.
  66. Joymax fell free to compensate me for my time by using the donation link on the left.
  67.  
  68.  
  69. May I add to this that the server Tibet All the high level have been hacked 1 by 1 using this glitch during the last 2 weeks.
  70. Please note this goes against Joymax TOS and Joymax is fully responsible for this error. You will need to do a rollback and to do a compensation event for the time lost.
  71. We Rev6.com did not used this exploit, we were investigating this error based on many user complaints.
  72. Our community reported this anomaly and our objective is to persuade you that you must do a rollback
  73. This mainly affected Tibet server, as for other server, please verify your bug report section.
  74.  
  75. I would like to thank all the anonymous tips received by many different users.
  76. Joymax, if you read your Bug report, you will find how the entire Account stealing process from just an account name to empty the account on silkroad inside the game.
  77.  
  78. Sincerely,
  79. C-o-r-E, MuMeD
  80. And you’re friendly Venice Silk Assistant,
  81. NeDra (also known as [GM]NyMbLe)
Latest pastes
10 hours ago
10 hours ago
18 hours ago
1 days ago
1 days ago