LinkBack URL
About LinkBacks
Can someone explain it?
I want to figure out a new way to find emails, thanks!
Results 1 to 13 of 13
Thread: Old email exploit?
- 01 Apr. 2013 08:35pm #1
Old email exploit?
- 01 Apr. 2013 09:30pm #2
If I'm not mistaken it had something to do with their profile (apparently somewhere behind the scenes it's listed) or something. Of course I've been on a lot of avatar sites so it may have not been Gaia that this exploit was on.
Play dumb now so you can shock the masses later
- 01 Apr. 2013 09:32pm #3 oh, I was just looking at the profile source to find a start
Originally Posted by SilkyNick 
- 01 Apr. 2013 11:40pm #4
there were a couple
Last edited by Butts; 02 Apr. 2013 at 12:11am. Reason: Typo
- 01 Apr. 2013 11:43pm #5 any more info? Originally Posted by Butts
- 02 Apr. 2013 12:15am #6 three letters, gsi. Admin and administration, along with some of the http://test1www.gaiaonline.com test servers. I'm on a mobile so excuse me with these horrible touch screen keyboardso Originally Posted by Use
- 02 Apr. 2013 12:37am #7 From what I've been hearing, anything GSI related is basically patched now? Originally Posted by Butts
- 02 Apr. 2013 02:15am #8
So basically this is what you need to know:
1) there was an exploit where you could view emails of old accounts possibly of great worth.
2) you could go to sites like hotmail.com not sure if i worked with all email services, anyhow you could re-register that email if it hadn't been used in a long time then you could recover password via gaia pass reset.
And that was the exploit in a nutshell not sure if it still worksThere's nothing ideal about being real, there's so many flaws to cover and conceal.
- 02 Apr. 2013 02:31am #9 I still do part 2 on any accounts I get the email to. Originally Posted by Kitsune
I'm sure that exploit doesn't work anymore
- 02 Apr. 2013 06:13am #10
If I remember correctly, there was something dealing with gcash_history or something that was an exploit, but I didn't really get into it, so I'm not sure if that's the one I'm thinking of that can pull emails or not.
- 02 Apr. 2013 08:41am #11Donator
Global Moderator Glamorous
- Join Date
- Apr. 2011
- Location
- 192.168.2.1
- Posts
- 990
- Reputation
- 584
- LCash
- 3.46
- Awards
The Email exploit was a tool for the Gaia's Cash Shop purchases i found. There was a open area of the Cash Shop that was used by administration to view purchase history. If i remember exact it displayed the email for a user if you input their username or "user ID" . I used it lookup emails and checked availability on the email provider, if available i would create the email then send the Gaia password rest to it using "I forgot my Password". This got annoying so i got a programmer from here to create a program that automated the lookup of user ID's/Emails that dumped them to text files to analyze.
In the end it got leeked and patched.
- 02 Apr. 2013 08:46am #12
Yeah. The test servers were really insecure at that time, so I know there were a few other people including myself there were able to get into them. A friend and I basically took over a few of the test servers, which prompted Gaia to lock them down and kick us off. Originally Posted by Butts
I don't remember email grabbing being a part of it though, although we could grab emails of anyone on the test server, I just don't remember whether that had a direct link to Gaia's main functional servers.
I'm pretty sure the email exploit you're thinking of was the one in GSI though.
Jovan made a video demonstrating it.
That program definitely utilized GSI, I don't remember what method it was though.
There's still huge lists of emails that were acquired back then going around. I remember some lames in Rally trying to sell them.I don't get tired.
- 02 Apr. 2013 04:25pm #13
I wish there was an easy way to figure out someone's e-mail without hacking them and/or asking them directly. Bl
Reply With Quote
