[Silkroad Exploit Step 1 out of 2]

 

[Joymax account exploit Part 1]

http://www.joymax.com/portal/

- Create a new account

 

Go on the following link: [Here]

Complete the E-mail Verification Service.

 

When you are done.

 

Log out.

Go on http://www.joymax.com/portal/

Go in the Forgot your password

Write your ID and E-mail

click Change Password

 

 

Now before clicking on Send verification code:

Exploit Step #1 start here:

 

http://rev6.com/AccountName.jpg

 

[Tool used do modify the account]

 

FireFox: [Here]

 

FireFox Addons: [Here]

 

Menu: Tools/Web developper/Forms/Display Form Details

Menu: Tools/Web developper/Forms/Enable auto completion

 

You will see the hidden variable UserID="YourAccountName"

You need to type the account name of the guy you want to steal he's account.

 

When it's done, click on [Send Verification Code]

 

You will receive an Email, click on the link on that email

It will ask for the code that was in the email write it and click confirm.

 

It will now ask for a new password

Fell free to do a

Menu: Tools/Web developper/Forms/Display Form Details

You will see that the account name that joymax send you is not your account name

But the target account name that you want to steal he's account.

 

Type the desired password and the First step is done.

 

 

Now you can go on

http://www.joymax.com/portal/

Type the password of the account you just stolen and you can look at he's personal setting on Joymax.com.

 

This is the step 1 of 2.

For security reason we won't release the step 2.

 

The Website password of the target account had changed to the password you have entered on Joymax.com

Now the 2nd step is to modify the Silkroadonline.net password to the Joymax password.

To change he's account password...

 

We will let joymax a 24-48 hours delay before posting how it's done.

If joymax doesn't nothing, everything will go Public.

 

In other word you can Steal someone else, legit or bot account with ONLY THE ACCOUNT NAME!.

I have wasted 42 hours investigating Joymax website.

Joymax fell free to compensate me for my time by using the donation link on the left.

 

 

May I add to this that the server Tibet All the high level have been hacked 1 by 1 using this glitch during the last 2 weeks.

Please note this goes against Joymax TOS and Joymax is fully responsible for this error. You will need to do a rollback and to do a compensation event for the time lost.

We Rev6.com did not used this exploit, we were investigating this error based on many user complaints.

Our community reported this anomaly and our objective is to persuade you that you must do a rollback

This mainly affected Tibet server, as for other server, please verify your bug report section.

 

I would like to thank all the anonymous tips received by many different users.

Joymax, if you read your Bug report, you will find how the entire Account stealing process from just an account name to empty the account on silkroad inside the game.

 

Sincerely,

C-o-r-E, MuMeD

And you’re friendly Venice Silk Assistant,

NeDra (also known as [GM]NyMbLe)