Working on discovering Ceres vulnerabilities

Hello all, I'm working with another user in discovering exploits and vulnerabilities in the current version of ceres cp and also digging a bit into the patched azndragon cp (found some vulnerabilities but no gaping holes) we havent discussed how we will release our findings without them being patched like last time (the account_manage.php vulnerability). My question to you would be can you offer any hints into the ceres control panel where we should start digging. Thanks =]

If you dont want release your findings to everyone ( so that it dont get patched) you should only offer it to lvl2 ( so just pm lowfyr with your exploits).
I dont know any bugs in this shit cp :) ( if i had a server i wouldnt use azndragon cp =o).

Indeed =] Well atm him and I are working on breaking through to a 600+ server's account list. Here's a preview of sorts for a different server: [Only registered and activated users can see links. Click Here To Register...]

well.. I would really like to share some of my findings in these.

I made a XSS Worm for ROCP by AZNdragon, LoveRudraCP, StarGamesCP and ChobochoboCP. The XSS Worm works 100% on this CP's and it is made to go directly to the view_exploit_log.php, log.php and authlist.php log's. When the Admin / GM goes to that logs u'll get the admin phpssesid Hash into ur desired log.

Now.. I wonder why would u try to "hack" deliveranceRO by using that crappy method... that CP is prone to Sql Injection dude.. ¬¬!... so damn easy to hack that, the main problem is the default skin "blueeee" wich return u an error when injecting the error.

I wonder how can I get "lvl 2".

Let me make a tutorial video showing how the XSS exploit works.
-- Pending video--

Ok.. here's the video.. It took me a while to make it..

It's compresed with winrar and it's a video clip.

REMOVED VIDEO* - !

Rar file size = 3.27MB
Decompresed = 150MB

High Resolution, Please see the video with FULL SIZE SCREEN.

- To prevent kiddies, I have eliminated part of the victimlog

Feel free to ask me for the code of the XssW0rm.
Works on ROCP, LoveRudra, StarGames and Others [like chobochobo]
-------------------------------------------------------------------

damn.. this sucks... no one share nothin...