Let me explain how they worked.

[Lysergic Delights]

Basically I'm going to explain some toys on Gaia that existed and how they worked in this post. So enjoy.

Let's start out with the method to login to anybody's account. This was done with GSI using json with the GSI method 108 and setting the parameter for password to 1 to be true instead of actually entering your md5password shit. Therefore logging you into the account.

The gifting without a password method, this was done with a simple edit to the page to basically edit the confirm page to be the submit page therefore bypassing needing a password.

Hmm, let's see. The gold gen that was very well kept a secret. Only about six people could do it. Done using a GSI method that granted 500 gold, and using php to generate a random number to use as a new number when generating since it generated 500g per a single number that can't be reused.

Okay insta-morphing in rallies was easily done. Basically you send three packets which you can do with one packet using the 03 hex to end a packet and start another one to do it instantly. The three packets were easily. The ava edit, the enter room packet resent and a move packet to set up your position. Nothing hard, why you kids couldn't figure it is beyond me.

SID Grabbing, this was done using the 109 method to get the sid and using AJAX and an XSS Hole on Gaia to retrieve a users session ID, if you could gift without a password you didn't have a need for a password with this. Not the best way to steal shit, but only because you could be banned sooner or later, or well.

Comment deleting, I'm not sure if this is patched and I'm too lazy to text, basically done with cross site request forgery to add the submit parameter to be "Yes" and sending it. Not really going to go into it as I doubt you were aware to it's existence.

Posting non-global announcements, stickies and locked topics. Merely a tamper data edit to a hidden parameter you need to know which having knowledge of their forum you may of. Not going into this either for same reason as comment deleting.

I also created a method of password stealing a saved password that autofiled using XSS and a bit of CSRF. Was nothing too complicated.

[The Unintelligible]

This is retrospective information. Is there really any point in sharing all of this at this point?

Also, how much of this have you actually discovered on your own?

Good share though. Didn't you have a prior account on here? "_hylia" or something I think?

Edit: Chill with the condescending tone, once again.

[Lysergic Delights]

This is retrospective information. Is there really any point in sharing all of this at this point?

Also, how much of this have you actually discovered on your own?

Good share though. Didn't you have a prior account on here? "_hylia" or something I think?

Edit: Chill with the condescending tone, once again.

Yeah, why the fuck not. Let's give these kids some actually information and help them understand something. I mean, it gives them a good idea of some interested stuff. Motivation to learn to be able to pull off some stuff etc etc, and yeah. Thank you for reminding me of that, I forgot about it. I apologize. I doubt I'll remember it's password anyways. Bleh. And where as I may not of learned it on my own my mentors did make me have to be able to write the scripts to do anything etc, I had to understand how it worked. I found some of it on my own as well. Regardless I'm sure they can use it for something, it gives them a general idea of what site exploits can do and as I said that forms motivate.

[The Unintelligible]

True true.

Nice contribution either way.

[Tree]

Also, how much of this have you actually discovered on your own?

Unless Hylia is Doc, Lain, G3 or me he didn't discover pretty much any of this. Feels like it's just a thread he made to give himself some sort of self fulfillment since he actually doesn't post any examples to help others and just belittles everyone while slowly jerking himself off.
Also almost all of this eventually became common knowledge.

Edit: On the subject of the gold generator, I'm not sure which he refers to as there are so many I can think of (some still work) that sound like that one.

[Alexx]

I have a strong feeling this is Nova.

[The Unintelligible]

I have a strong feeling this is Nova.

I think it is.

[PrincessFluttershy]

I think it is.

The one who dated a really fat 13 year old?

[The Unintelligible]

The one who dated a really fat 13 year old?

idk. I think so. The one who is under the tutelage of Personoid is the best universal description of him.

Which is a sad stigma to have as a person.

[PrincessFluttershy]

idk. I think so. The one who is under the tutelage of Personoid is the best universal description of him.

Which is a sad stigma to have as a person.

I was unaware he ever asked about learning from exploits rather than just exploiting them. Kudos he accomplished more than I cared to

[The Unintelligible]

Nova isn't really incompetent, but he isn't really as great as he used to think he was either. He's made strides towards learning so that's enough to get some type of veneration from me.

My biggest issue with him was the sense of unwarranted arrogance he seemed to have acquired from Newton/Cake/etc. He was influenced a lot by individuals he looked up to and acted in accordance to them. Basically.

Personally I haven't talked to him in like a year now, so I don't know how he is now or how much he's changed. But to his credit, he seems to have matured some.

[PrincessFluttershy]

Nova isn't really incompetent, but he isn't really as great as he used to think he was either. He's made strides towards learning so that's enough to get some type of veneration from me.

My biggest issue with him was the sense of unwarranted arrogance he seemed to have acquired from Newton/Cake/etc. He was influenced a lot by individuals he looked up to and acted in accordance to them. Basically.

Personally I haven't talked to him in like a year now, so I don't know how he is now or how much he's changed. But to his credit, he seems to have matured some.

So have you. You should put moderator on your next resume lol

[The Unintelligible]

So have you. You should put moderator on your next resume lol

I think I've matured a bit. Still the same person in nature, though. Not really relevant tho sir.

[Tree]

I think I've matured a bit. Still the same person in nature, though. Not really relevant tho sir.

ur moms the same person in nature

[The Unintelligible]

ur moms the same person in nature

u take that back.

Betcha wouldn't say that to mi face. Fight me irl fgt.

[Tree]

u take that back.

Betcha wouldn't say that to mi face. Fight me irl fgt.

i aint sayin shit2ur face im an mma profession nfl boxer

[The Unintelligible]

all about UFC over here.

UFC 4 lyfe

[Lysergic Delights]

Either way, I may not of discovered this, but a few exploits I found on my own and was hinted towards. Other's were handed to me. You guys already know who I am, I don't care what you have to say to be frankly honest. Either way, this gives you a general idea of what could be done, gives you some motive to learn stuff and I'm sure there are other exploitable sites as well. I merely joined because I was bored. I posted this because I was bored as well, either way; learn something from this, just because I'm not handing you everything doesn't mean you can't learn. Hell I'm handing you more than I was most the time.

[The Unintelligible]

Either way, I may not of discovered this, but a few exploits I found on my own and was hinted towards. Other's were handed to me. You guys already know who I am, I don't care what you have to say to be frankly honest. Either way, this gives you a general idea of what could be done, gives you some motive to learn stuff and I'm sure there are other exploitable sites as well. I merely joined because I was bored. I posted this because I was bored as well, either way; learn something from this, just because I'm not handing you everything doesn't mean you can't learn. Hell I'm handing you more than I was most the time.

stop

[Isonyx]

Didn't know how the gold generation was done. Good post.

Did you create this method of password stealing using form auto-fills alone?
I remember Personoid telling me about it when he was working on it.

[Tree]

stop

Too lazy to write up an entire essay on how he could have went about this better.

[The Unintelligible]

Too lazy to write up an entire essay on how he could have went about this better.

Exactly

[Lysergic Delights]

Didn't know how the gold generation was done. Good post.

Did you create this method of password stealing using form auto-fills alone?
I remember Personoid telling me about it when he was working on it.

Personoid was a part of that with me. I'm the one who brought it to him. He made a more complex XSS SID grabber with it while I just left it alone as was, didn't care for it too much.

Exactly

I'm too lazy to actually care to of went about it better. Notice the lack of effort I've put into this thread. I'll revise it at a later point in time.

[Alexx]

Yep i knew it.

[The Unintelligible]

Yep i knew it.

why

And how do you know Novz?

[Alexx]

why

And how do you know Novz?

I've been around for a long time.

[niggahack]

motha fuck yo little ass hit list i got a big ass hit book

[Butts]

the fuck is this shit
if this is nova, wait for him to say that gaia_flash isn't a directory

[GetPaid]

Lol