DO NOT SEND SUPPORT MESSAGES THAT HAVE ACCOUNT NAME AND PASSWORD TO JOYMAX!!!
All the posts are public and if you look at rev6 forum, the exploit was found like this: pic1, pic2. Basically if you send them a message using your account that has a premium, you can from there browse from their website to the admin mailbox without any password with only 3 mouse clicks. Enter any username and password you want, they are all valid... They better fix it soon, I don't even want to contact Joymax knowing that everyone can view everything... This is another huge FAILED! for Joymax -_- Credit goes to _TANGUITO_ for posting it on rev6 forum.
Joymax NEEDS to fix it as soon as possible before another exploit comes out of it (SQL injection, cross-site scripting exploit etc...)
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 2:59 pm
oh boy...yeah, you can just type random characters in that ID and password field, and I see tons of emails in there. Not good!
edit: OH MAN this looks bad...at first, I thought it might be a demo, but I see people in there that I have seen on Olympus...and more that show up on rev6...this appears to be true.
_________________ If faith is a crutch, I'm not limping anymore.
Last edited by pr0klobster on Fri Jan 30, 2009 3:03 pm, edited 1 time in total.
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:17 pm
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed, right? Man this is serious, Joymax seriously screwed people this time, if what I asked is true...
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:19 pm
aznronin wrote:
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed, right? Man this is serious, Joymax seriously screwed people this time, if what I asked is true...
so far, that appears to be the case from what we can see
Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.
_________________ If faith is a crutch, I'm not limping anymore.
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:22 pm
pr0klobster wrote:
aznronin wrote:
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed, right? Man this is serious, Joymax seriously screwed people this time, if what I asked is true...
so far, that appears to be the case from what we can see
Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.
U don't need prem or even silk. Just tested it with an acc without silk. Login to Joymax portal, go to SRO Q&A history, then on the "home" sign, then on that inbox image & start reading.
Found already 2 acc id & pw; both blocked for chargeback ><
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:26 pm
Razorhead wrote:
pr0klobster wrote:
aznronin wrote:
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed, right? Man this is serious, Joymax seriously screwed people this time, if what I asked is true...
so far, that appears to be the case from what we can see
Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.
U don't need prem or even silk. Just tested it with an acc without silk. Login to Joymax portal, go to SRO Q&A history, then on the "home" sign, then on that inbox image & start reading.
Found already 2 acc id & pw; both blocked for chargeback ><
What I'm saying is that I haven't logged on to the Joymax portal from work. There is no way to refer to my account from this computer. It's more wide open than we think. ANYONE can see this. People don't even need SRO accounts.
_________________ If faith is a crutch, I'm not limping anymore.
soooo support the damn fking sever are ALL FULL can you make the fking server higher taht more people can connect
Answer:
Quote:
Dear Valued Customer, Greetings from Joymax Customer Support Team!
We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.
We suggest that you should try our Premium Gold Time Plus (4 weeks) were you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.
*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:40 pm
HejsaN wrote:
Quote:
Question
soooo support the damn fking sever are ALL FULL can you make the fking server higher taht more people can connect
Answer:
Quote:
Dear Valued Customer, Greetings from Joymax Customer Support Team!
We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.
We suggest that you should try our Premium Gold Time Plus (4 weeks) were you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.
*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 3:41 pm
aznronin wrote:
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed, right? Man this is serious, Joymax seriously screwed people again, if what I asked is true...
Post subject: Re: Newest hackmethod - fail by joymax..
Posted: Fri Jan 30, 2009 4:06 pm
Omg that so gay how ppl can be naive............. plz plz my account plz id: dzdsd pw:dsdsds cc:1212121323 lol I'm sure some of them are Turk. (Sorry, I'm not racist but they have a lack of language understanding.)
@lopas1: People are now able to read all messages sent to the customer support, and 80% of people give their id and pw and much more sometimes.
Thank you for emailing Joymax Customer Support. Sorry for the inconvenience that caused you by experiencing hacking on your account. We do understand your state. However, we regret to inform you that we will not offer services regarding account theft/hacking for the time being for the purpose of providing better service in the future as what our policy declares. Users are responsible for maintaining the confidentiality of their own accounts and all relevant responsibilities attached to their accounts to keep away from hacker and any malicious circumstance. Same as email verification, if your registered email address is already verified using our new email verification service you cannot change it. Please check the email address before use, and please take care of your email address and password information if you verify your email.
The details of your inquiry are as follows: Hello, I have the following problem which I hacked into my account can not change pw wiel the verification email to mail is because hackers. I ask for help.
They will not help you even if your account was hacked because of this fcking exploit!