[Confirmed-Exploit] Email protection isn't secure anymore. [iSro]

12/11/2012 10:26 monson#1
After the thread: [Only registered and activated users can see links. Click Here To Register...]


I have contacted papler for him to prove the issue...
And it's confirmed, e-mail protection isn't secure anymore.


I created a new Silkroad Account:
User: testexploit549
PW: 12345678


I visited the page:
[Only registered and activated users can see links. Click Here To Register...]
Which doesn't work because newly created accounts are all email protected, to my knowledge.


It's a new account created less than 7 days ago.
With simply the account name and password, he managed to change the password.


I tried to change the password and it requested an email confirmation.
Then I sent him a private message with the account name and password.


He changed both the email address and the password on the account.


Seems like Joymax updated their website and there's a new link which can be exploited
to change someone's email address even if the account is email protected.


If you do share your account, just watch out. It's not safe.
Sadly, I don't feel like searching where the exploit came from.
If you know how to reproduce the exploit, feel free to contact Joymax for them to fix it.
Or let us know and we will forward them the information.


Posted by: Kyle
12/11/2012 16:34 PortalDark#2
well, that's something good and bad
good for hackers, not really of use for me or any others on the pserver scene
but thanks for the advice
12/11/2012 17:08 R0bbY LoLz#3
this exploit doesn't work on all accounts ...


and is easy to find that link ..
and you will see this: [Only registered and activated users can see links. Click Here To Register...]

"You have already verified email address"
12/11/2012 20:36 bubbelshst#4
So, how can you find that "link"? lol
Tried it myself on my own, and a test account, but it keeps saying I need to send an email.
12/12/2012 18:05 monson#5
Well guys, I didn't try it, but just saw it and posted here as an advice => Don't give anyone your passwords guys, never...