Database Filler (Exploit)

09/23/2015 12:19 kosakos#1
#removed
09/23/2015 12:48 treica#2
I won't be surprised if your server will get hacked / DDoSed and all that.. full time as from today :)

If this takes you 20 secs to add 1000, it would take me a second to run
Code:
USE PS_UserData;
DELETE FROM Users_Master WHERE UserIp = '';
Small kids would try to use this, and if their accounts get deleted along with the spam accounts, would you be to blame? Good luck.
09/23/2015 12:57 kosakos#3
so much hatred all shoved in one comment, damn you're good o.o

and good for the admins, they can delete it in seconds... what's your POINT? nothing is wrong with my tool means shut your mouth and watch how we fill up the databases with lots of crap :D

"I won't be surprised if your server will get hacked / DDoSed and all that.. full time as from today :)"

Like I have one o.o, wish I did tho :D would prob be better than urs <3
09/23/2015 13:55 SUnKnown#4
#request to move Wrong Section
09/23/2015 14:18 vodanh_style#5
Does not work in Windows 7!
09/23/2015 14:57 italo.sanchez#6
Quote:
Originally Posted by kosakos View Post
A small heads up to all servers that do not have a maximum IP account registration or a reCAPTCHA filtered one...

This exploit will fill up your database and use a lot of wasted space, of course overheating your database server when packets get dropped off before reaching the server.

How to use?
1) Open the tool and go to settings page.
2) Choose the server you would like to over-heat and then press on Save.
(I realize there are only 2 servers in the list but there will shortly be an update :) )
3) Head back to main page and choose the amount of accounts u would like to create.
(If it's your first time ever using this tool, please make 1 account then use it again because first time it's bugged).
4) Head to the Logs page and check the accounts that were created by the tool.
5) Max accounts is 1000 and it takes up to 20 seconds to create all 1000.


Images:

Virus scan:

Download Link:

PS! If you have a request for a server to be added to the list, please post a comment!
This virus scan is not real!
Look at this
09/23/2015 15:04 treica#7
Limit your registrations per ip.

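ODBC //tested works
Code:
// Client address as seen by the web server
$ip = $_SERVER['REMOTE_ADDR'];
$conn = odbc_connect($dsn, $dbUser, $dbPass); // your server connection ($dsn, $dbUser, $dbPass are placeholders)
$error = "No more accounts from this address";
// Bind the address as a parameter instead of concatenating it into the SQL
$sql = odbc_prepare($conn, "SELECT Count(UserUID) as tot_accs FROM PS_UserData.dbo.Users_Master WHERE UserIp = ?");
odbc_execute($sql, array($ip));
$arr = odbc_fetch_array($sql);
// More than 2 existing accounts from this address: refuse the registration
if($arr['tot_accs'] > 2){
return $error;
}
MSSQL //tested works
Code:
// The mssql_* extension was removed in PHP 7, so this variant only runs on older PHP
$ip = $_SERVER['REMOTE_ADDR'];
$conn = mssql_connect($dbHost, $dbUser, $dbPass); // your server connection (placeholder variables)
$error = "No more accounts from this address";
// mssql_query() takes the query first and the connection second
$sql = mssql_query("SELECT Count(UserUID) as tot_accs FROM PS_UserData.dbo.Users_Master WHERE UserIp = '".$ip."'", $conn);
$arr = mssql_fetch_array($sql);
if($arr['tot_accs'] > 2){
return $error;
}
PDO //not tested yet.
Code:
$ip = $_SERVER['REMOTE_ADDR'];
$conn = new PDO($dsn, $dbUser, $dbPass); // your server connection (placeholder variables)
$error = "No more accounts from this address";
$sql = $conn->prepare("SELECT Count(UserUID) as tot_accs FROM PS_UserData.dbo.Users_Master WHERE UserIp = ?");
// The address is a string, so bind it as PDO::PARAM_STR
$sql->bindValue(1, $ip, PDO::PARAM_STR);
$sql->execute();
// The COUNT query returns exactly one row: fetch() it (fetchAll() would return a list of rows)
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($row['tot_accs'] > 2)
{
return $error;
}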
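The checks in the post above run a SELECT COUNT and leave the INSERT to a later statement, so requests arriving in parallel can all pass before any row is written. The following added example (not part of the thread or of any poster's code) folds the cap into the INSERT itself; it runs on in-memory SQLite, and the `UserID` and `Pw` columns, the `register_account` helper and the sample addresses are assumptions.

```php
<?php
// Added example, not from the thread. Runs offline on in-memory SQLite.
// Users_Master, UserUID and UserIp come from the thread; UserID and Pw
// are assumed column names, and the sample addresses are constructed.
const MAX_ACCOUNTS_PER_IP = 3; // same effect as the thread's "tot_accs > 2"

function register_account(PDO $db, string $ip, string $user, string $pw): bool
{
    // Check and insert in ONE statement: the row is written only while the
    // address is under the cap, so a burst of parallel requests cannot all
    // pass a separate SELECT COUNT before any of them has inserted.
    // On SQL Server, add WITH (UPDLOCK, HOLDLOCK) to the counted table so
    // concurrent sessions serialise on that address.
    $stmt = $db->prepare(
        'INSERT INTO Users_Master (UserID, Pw, UserIp)
         SELECT ?, ?, ?
         WHERE (SELECT COUNT(*) FROM Users_Master WHERE UserIp = ?) < ?'
    );
    $stmt->bindValue(1, $user, PDO::PARAM_STR);
    $stmt->bindValue(2, password_hash($pw, PASSWORD_DEFAULT), PDO::PARAM_STR);
    $stmt->bindValue(3, $ip, PDO::PARAM_STR);
    $stmt->bindValue(4, $ip, PDO::PARAM_STR);
    // Bind the cap as an integer so it is compared numerically with COUNT(*)
    $stmt->bindValue(5, MAX_ACCOUNTS_PER_IP, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // 0 rows written means the cap was hit
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users_Master (
    UserUID INTEGER PRIMARY KEY AUTOINCREMENT,
    UserID  TEXT NOT NULL UNIQUE,
    Pw      TEXT NOT NULL,
    UserIp  TEXT NOT NULL)');
$db->exec('CREATE INDEX idx_users_ip ON Users_Master (UserIp)');

// Constructed burst: ten sign-ups from one address, then one from another.
$accepted = 0;
for ($i = 1; $i <= 10; $i++) {
    if (register_account($db, '203.0.113.7', "user$i", 'example-password')) {
        $accepted++;
    }
}
$other = register_account($db, '198.51.100.9', 'someone_else', 'example-password');

printf("burst: %d of 10 accepted; other address accepted: %s\n",
       $accepted, $other ? 'yes' : 'no');
```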
09/23/2015 16:10 kosakos#8
why u releasing something that's already released other places in a comment o.o ?

Brain.exe malfunctions I believe :D

Hmmm, next update is this:
PROXY SERVER ADDED!

nice isn't it :) ?
09/23/2015 16:47 treica#9
Add in your header :)
Code:
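<?php // Connects back to the client on port 80 and treats an open port as a proxy.
// fsockopen() fills the error code ($errno) before the error message ($errstr).
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1))
die("Proxy access not allowed"); ?>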
OR in .htaccess

Code:
<ifModule mod_rewrite.c>
 RewriteEngine on
 # %{HTTP:name} looks up the request header by its literal name, so the names use hyphens
 RewriteCond %{HTTP:Via}                 !^$ [OR]
 RewriteCond %{HTTP:Forwarded}           !^$ [OR]
 RewriteCond %{HTTP:Useragent-Via}       !^$ [OR]
 RewriteCond %{HTTP:X-Forwarded-For}     !^$ [OR]
 RewriteCond %{HTTP:Proxy-Connection}    !^$ [OR]
 RewriteCond %{HTTP:Xproxy-Connection}   !^$ [OR]
 RewriteCond %{HTTP:PC-Remote-Addr}      !^$ [OR]
 RewriteCond %{HTTP:Client-IP}           !^$
 # Answer 403 Forbidden when any of these proxy headers is present
 RewriteRule .* - [F]
</ifModule>
result

Sorry, I don't see RELEASE written anywhere. It is just a comment, same as yours :)

Regards
09/23/2015 16:59 kosakos#10
such a fake message... everyone knows that it doesn't work, it just gives u a bunch of errors -.-"
use that proxy and u'll see lol

it either blocks everyone or no one :)
09/23/2015 21:57 nubness#11
09/23/2015 22:40 Big_#12
#Request close this is not a hack and exploit part of the forum
09/24/2015 16:57 Autrux#13
#closed

Rly? Sounds to me more like DDoS.