Public paste
Undefined
By: ass | Date: Nov 30 2007 20:28 | Format: None | Expires: never | Size: 1.28 KB | Hits: 1254

  1. [Silkroad Exploit Step 1 out of 2]
  2.  
  3. [Joymax account exploit Part 1]
  4. http://www.joymax.com/portal/
  5. - Create a new account
  6.  
  7. Go on the following link: [Here]
  8. Complete the E-mail Verification Service.
  9.  
  10. When you are done.
  11.  
  12. Log out.
  13. Go on http://www.joymax.com/portal/
  14. Go in the Forgot your password
  15. Write your ID and E-mail
  16. click Change Password
  17.  
  18.  
  19. Now before clicking on Send verification code:
  20. Exploit Step #1 start here:
  21.  
  22. http://rev6.com/AccountName.jpg
  23.  
  24. [Tool used do modify the account]
  25.  
  26. FireFox: [Here]
  27.  
  28. FireFox Addons: [Here]
  29.  
  30. Menu: Tools/Web developper/Forms/Display Form Details
  31. Menu: Tools/Web developper/Forms/Enable auto completion
  32.  
  33. You will see the hidden variable UserID="YourAccountName"
  34. You need to type the account name of the guy you want to steal he's account.
  35.  
  36. When it's done, click on [Send Verification Code]
  37.  
  38. You will receive an Email, click on the link on that email
  39. It will ask for the code that was in the email write it and click confirm.
  40.  
  41. It will now ask for a new password
  42. Fell free to do a
  43. Menu: Tools/Web developper/Forms/Display Form Details
  44. You will see that the account name that joymax send you is not your account name
  45. But the target account name that you want to steal he's account.
  46.  
  47. Type the desired password and the First step is done.