Hi guys,
this tutorial and exploit writer by my friend 1337 (leet hax0r)
I found that MyChat Shoutbox plugin is vulnerable to users spamming as a Guest (Spamming without registering on the forum) and vulnerable to CSRF.
Plugin has no security token to POST data. Therefor it is vulnerable to CSRF also.
Lets see how it works:
Code:
http://target.com/mychat.php?action=insert&message=1337
The above link will submit a message http://www.MaDLeeTs.com with out any problem. If you are not logged in, you can submit messages as a Guest.
To see results, you can see it on the forums index if admins have allowed chatbox to be seen by Guests. If Guests can not see it on forums index, they can see it by the link below:
Code:
http://xnonymoux.org/mychat.php?action=update
You can troll an admin by adding http://target.com/mychat.php?action=insert&message=1337 in a iframe and submit it via PM to the admin of the forum. Once he opens it, a message will be posted by his account. If messages can be seen as a Guest on forum index, you can make your targets forum admin submit a HaCked message with your code-name by replacing 1337 . Once done, mirror it on Zone-H and it might be approved since you where not authorized to submit such messages by admins account
Here is a site that you can play with
Live Demo:
Code:
http://xnonymoux.org/mychat.php?action=insert&message=1337
What ever you submit in message= will be displayed here:
Code:
http://xnonymoux.org/mychat.php?action=update
Note: If you refresh mychat.php?action=insert&message=1337 page, and hold F5. It will flood targets chatbox
Have fun
Exploit by 1337 - TeaM MaDLeeTs
http://www.MaDLeeTs.com
Hello world
ReplyDeleteI teach hacking andriod apk virus - windows Hacking - web server hacking -
Reseller :- Hacking Tools & Hacking services, Also Teach Hacking Methods Via teem weaver or Anydesk,
Each Method Take minimum 1 hour to learn with vedio Tutorial And Hacking Tools ,
How to Make Money hacking tools,
- Spamming & Tools ,
- Carding & Tools ,
- Virus with control panal and Spy bot files,
- Virus With Builder And Crypter ,
- Scanners with Bruters ,
- Crypters with Doc Exploits ,pdf Exploits ,TExtfile Exploits ,
- PHP Exploits with shell and mailer
- OTP verications Bypass with Bulletproof Scam-page and Otp control
- Company Ceo or cfo leads Any country
- Rat virus with builder
- Cookies Stealers and Builder
- keyloger and builder
- Credit card Scam-pages
- Bank login Scam-pages
- debit card topup scam page
- donation scam-page
- dhl login and tracking scam-page
- fedax login and tracking scam-page
- Shipping Tools
Place & Ground
learners you will pay cheap $ for demo Tools & Method
Business grounds
Credit card Low Interest Services,
- Credit card with Fullz Information - Minimum Investment 150$ - With 50k Credit limit And balance
- Debit Card Topup AS per Card limit - Minimum Investment 200$ - With 8000$ balance
- Dating scam Fresh male female Logins - Minimum Investment 80$ - Dating Login upto 30
-----------------
ABOUT US :
Icq :-675452902
Skype: rushr00t000
email me:- hackitbackd00r@gmail.com
Selling good and fresh cvv fullz
ReplyDeletetrack 1 and 2 with pin
bank login
bank transfer
writing cheques
transfer to cc ...
Sell Fresh CVV - Western Union Transfer - Bank Login - Card Dumps - Paypal - Ship
Fresh Cards, Selling Dumps, Cvvs, Fullz
Tickets,Hotels,Credit card topup...Paypal transfer, Mailer,Smtp,western union login,
Book Flight Online
SELL CVV GOOD And HACK BIG CVV GOOD Credit Card
Fresh Cards. Selling Dumps, Cvvs, Fullz.Tickets,Hotels,Credit cards
Sell Cvv(cc) - Wu Transfer - Card Dumps - Bank login/paypal
And many more other hacking services
contact me : hackerw169@gmail.com
ICQ: 699 396 818
- I have account paypal with good balance
- I hope u good customers and will be long-term cooperation
Prices Western Union Online Transfer
-Transfer(Eu,Uk,Asia,Canada,Us,France,Germany,Italy and very
easy to do African)
- 200$ = 1500$ (MTCN and sender name + country sender)
- 350$ = 4000$ (MTCN and sender name + country sender)
- 500$ = 6000$ (MTCN and sender name + country sender)
- 600$ = 8000$ (MTCN and sender name + country sender)
Then i will do transfer's for you, After about 30 mins you'll have
MTCN and sender name + country sender
- Dumps prices
- Tracks 1&2 US = 85$ per 1
- Tracks 1&2 UK = 100$ per 1
- Tracks 1&2 CA / AU = 110$ per 1
- Tracks 1&2 EU = 120$ per 1
Bank Logins Prices US UK CA AU EU
- Bank Us : ( HALIFAX,BOA,CHASE,Wells Fargo...)
. Balance 5000$ = 250$
. Balance 8000$ = 400$
. Balance 12000$ = 600$
. Balance 15000$ = 800$
. Balance 20000$ = 1000$
- Bank UK : ( LLOYDS TSB,BARCLAYS,Standard Chartered,HSBC...)
. Balance 5000 GBP = 300 GBP
. Balance 12000 GBP = 600 GBP
. Balance 16000 GBP = 700 GBP
. Balance 20000 GBP = 1000 GBP
. Balance 30000 GBP = 1200 GBP
contact me : hackerw169@gmail.com
ICQ: 699 396 818
ReplyDeleteFRESH&VALID SPAMMED USA DATABASE/FULLZ/LEADS
****Contact****
*ICQ :748957107
*Gmail : darkiris911@gmail.com
*Telegram :@James307
*Skype : Jamesvince$
<><><><><><><>
USA SSN FULLZ WITH ALL PERSONAL DATA+DL NUMBER
-FULLZ FOR PUA & SBA
-FULLZ FOR TAX REFUND
$2 for each fullz/lead with DL num
$1 for each SSN+DOB
$5 for each with Premium info
ID's Photos For any state (back & front)
(Price can be negotiable if order in bulk)
<><><><><><><><><><><>
+High quality and connectivity
+If you have any trust issue before any deal you may get few to test
+Every leads are well checked and available 24 hours
+Fully cooperate with clients
+Any invalid info found will be replaced
+Payment Method(BTC,USDT,ETH,LTC & PAYPAL)
+Fullz available according to demand too i.e (format,specific state,specific zip code & specifc name etc..)
<><><><><><><><><><>
+US cc Fullz
+(Dead Fullz)
+(Email leads with Password)
+(Dumps track 1 & 2 with pin and without pin)
+Hacking & Carding Tutorials
+Smtp Linux
+Safe Sock
+Server I.P's
+HQ Emails with passwords
<><><><><><><><>
*Let's do a long term business with good profit
*Contact for more details & deal
****Contact****
*ICQ :748957107
*Gmail: darkiris911@gmail.com
*Telegram :@James307
*Skype : Jamesvince$