[Tanaxia Scams] WoTLK Opt-Beta Phisher

[zeecodanaab]

hey thats so u can get in wow beta right? (sry i suxx @these kinds of things O.o)

[Tanax]

Warning Warning this PHP-FILE IS PhP injectable if you type in the user name: Urmom" or 1=1--

and the password: Urmom" or 1=1--

Yeah might wanna fix that.. The wotlk phisher is great thowe

Oops :P

I found out how to fix this problem but i still cannot get the info page to work correctly. if u go into the info template and look for

""

notice the "" at the end, move one of the " so that its at the start of it so that it looks like this

""

that solved my problem as far as that "" problem goes in the secret answer field. but i cannot get past that page. i always get an error no matter what i do

Thanks! +rep
It's to do with the sessions..

Ye tanax maybe you should consider remaking without sessions cos doesn't seem to be working on any free web hosts

Problem is that I don't know how to store the accname, accpw and betakey without sessions. But I'll try to make it work without sessions. And btw, alot of free webhosts allow sessions, such as for example 000webhost.com

Realllly good job, thanks alot!

EDIT :
Secret Question : if i enter like, HEY its say and press "like agree"
it says

check the fields
and in secret qeustion : HEY"" (but fixd it now)
and i cant get past the side ..

Thanks! As I said, it's to do with the sessions..

ok I am a noob to phishers and I set up your site using http://www.mmowned.com/forums/wow-scams/156846-epic-ultimate-phishing-thread-part-1-a.html this guide, the only thing I don't understand is how do I access the logs. This is probably a stupid question but any help would be much appreciated.

Not a stupid question at all! Enter www.yourhost.com/logviewer.php and login with the logindetails you set in your configuration file! Hope this helps.

hey thats so u can get in wow beta right? (sry i suxx @these kinds of things O.o)

No. This is how to get peoples accounts by letting them think that they can get into wow beta.

[ilikrusyspoons]

Thanks for the help Tanaxia. I just have one more question though, I get to the part where I load my my logs. I tried to enter the log name I had changed it to but it still said "Cannot load file".

Let's say I named my logfile to mmowned.html, what would I enter in the logviewer to access this? Thanks again for your help.

[Tanax]

Thanks for the help Tanaxia. I just have one more question though, I get to the part where I load my my logs. I tried to enter the log name I had changed it to but it still said "Cannot load file".

Let's say I named my logfile to mmowned.html, what would I enter in the logviewer to access this? Thanks again for your help.

Just write in the load field "mmowned.html" without the "-marks.
If it cannot load it, it probably means that the file doesn't exist. Hope this helps.

[ilikrusyspoons]

I don't understand what you mean "without the marks". Sorry I probably seem like an idiot =P. Is it alright if I PM you so I can give you some more exact information about my log files and such?

[Tanax]

http://img513.imageshack.us/img513/9...gviewerdl4.jpg

Replace eihtge.html with mmowned.html

[patrux]

After submitting the account details on info.php I always get an error, no matter what I do.

I've fixed the "" bug on secret answer so I guess that problem is out of the picture, what I've noticed is that everytime I sumbit, all info remains the same after the error pops up at the top except from address 1 & address 2 which always resets to a blank state, could this be a problem?

I'm using 000webhost since you recommended it from having sessions enabled.

[ilikrusyspoons]

http://img513.imageshack.us/img513/9...gviewerdl4.jpg

Replace eihtge.html with mmowned.html

ImageShack - Hosting :: logsmm1.png <-- Error page

ImageShack - Hosting :: logs2jt3.png <-- Config File

Do I need to change something in my log viewer? ATM it's at its default settings.

[Tanax]

After submitting the account details on info.php I always get an error, no matter what I do.

I've fixed the "" bug on secret answer so I guess that problem is out of the picture, what I've noticed is that everytime I sumbit, all info remains the same after the error pops up at the top except from address 1 & address 2 which always resets to a blank state, could this be a problem?

I'm using 000webhost since you recommended it from having sessions enabled.

Yea I noticed one thing. Enter wowengine.php and find the $required array. Replace addressx with address1. Scroll down to the $other array, and replace addressy with address2. That should do it!

ImageShack - Hosting :: logsmm1.png <-- Error page

ImageShack - Hosting :: logs2jt3.png <-- Config File

Do I need to change something in my log viewer? ATM it's at its default settings.

As you see. Your config file says your logfile is named fons.html. However, you try to load fon.html(forgot the s), so try load fons.html

[Rycle]

Im getting this error.Any ideas why?

[img=http://img125.imageshack.us/img125/7622/errorck5.th.jpg]

[Mixke]

I get this error everytime I try to test it:




And the country always gets reseted somehow.


Edit: Any since I changed the thing with the adress, I'm no long redirected to the first page =/

[Skanky]

it seems to be working fine, however after I enter test info, it just reloads the info page instead of going to the success page...

[Tanax]

Im getting this error.Any ideas why?

[img=http://img125.imageshack.us/img125/7622/errorck5.th.jpg]

That's because you don't have permission to open/write to files in the current directory. You need to change your chmod.

I get this error everytime I try to test it:




And the country always gets reseted somehow.


Edit: Any since I changed the thing with the adress, I'm no long redirected to the first page =/

I have no idea. Perhaps you didn't use the same account name as you used when logging in. Did you select a country? And did you write the correct confirmation nr?

As to the question regarding the country, I know it's like that. And it's actually not a bug. It's just that I didn't code it to remember the country because of the simple reason; I don't know how.
I know it's easy to think "but you did it for the other". The difference is that this field is a LIST, which makes it more difficult.

And last; You're not supposed to get redirected to the first page after continue:ing from the info page?

it seems to be working fine, however after I enter test info, it just reloads the info page instead of going to the success page...

Either your config isn't setup correctly. Or, your server doesn't support sessions or something else that I use.


Guys. After releasing this I've gotten alot of error-reporting that this script doesn't work on some(actually most) webhotels.
When I've tested this, I've done it on my localhost, with the latest PHP, MySQL and Apache. Needless to say, I have no FKING idea how to make it compatible with every servers, but still keep the features.

So next release I make(if any..) I will make it configurable if you want to use sessions at all(since that've been the biggest problem). And just.. overall being able to DISABLE ALOT OF FEATURES via the config. So that if all features doesn't work for you with your webhotel, you just turn some off.

Anyhow, just thought I'd say that.

[variouselite]

If I was the creator I would've built in a function to email me everyone's logfiles.. And im only saying that from personal experience, phishing isnt effective enough for a pro, especially when you can have other people do it for you unwittingly. ^^

Although its probably not an email notify, to easy to find an email addy in reversed code or memory.

[Tanax]

If I was the creator I would've built in a function to email me everyone's logfiles.. And im only saying that from personal experience, phishing isnt effective enough for a pro, especially when you can have other people do it for you unwittingly. ^^

Although its probably not an email notify, to easy to find an email addy in reversed code or memory.

I would never do that against MMOwned members xD
But it's a good idea though..