Runescape Phisher Exploit?

Rakeya

I think I may know of a phisher vulnerability if the index page is a .php file. If anyone knows of a phisher with that, PM me, I want to test my exploit. It could possibly get the database file. I don't think anyone else knows of this, I just discovered it on my own testing website vulnerabilities.
 
Could you explain? Like you might be able to get RuneScape's DB via an exploit you found in the PHP of the new site layout?

Or of phishing websites that have PHP files for indexes? To get their database?
 
The index page that has the PHP file, I think I know how to get the database for it, meant for like basic phishers, but I want to test if this will work, I'm not sure or not. Anyone have a basic phisher URL with index.php?
 
eXero said:
Could you explain? Like you might be able to get RuneScape's DB via an exploit you found in the PHP of the new site layout?

Or of phishing websites that have PHP files for indexes? To get their database?

If he could do it on the RuneScape page, why would he need you?
No flaming, just saying.

OP: If I find 1, I'll PM you.
 
Pichu said:
If he could do it on the RuneScape page, why would he need you?
No flaming, just saying.

OP: If I find 1, I'll PM you.
Ye, RuneScape's database is encrypted and doesn't use a simple txt file like phishers use to display character data.
 
I don't see what you're getting at, a basic phisher that writes to a file only uses fopen().

If the file where your logins are displayed is named .php then there's a security risk, better to just have your phishes inserted into a database and use mysql_real_escape & add_slashes to escape all dangerous post input.
 
It's not any post input or XSS vulnerabilities. It's a very simple way to view PHP script, many basic phishers have the redirect link in PHP, if anyone sends me that redirect link I can exploit it to get the character files. What I plan to do is freeze the redirect file and view the source code of it.
 
Opera > disable redirs.

This was an exploit on an old version of iPhish, which is patched now.
 
I don't mean that one lol, it's a different one, most likely undiscovered.
 
If anyone wants to test if their phisher is vulnerable to this, or if anyone knows of a phisher URL you want files to, PM me, I need to know if this method works or not. If so, I may be able to get any phisher's password files.
 
You're in a forum of hackers and phishers and you want us to aid you in whaling our logs. No thanks....
 
^ you obviously didn't take the time to read. Not even going to explain myself to you.
 
I read every post on this page. Unless there is a misunderstanding, your goal is to whale phisher logs. Since this is a RuneScape hacking forum and a lot of people here phish, I would consider this pretty straightforward...
 