Posted 16 years ago
·
Author
Posted 14 years ago
Ok Don. See. If we can get all the files that are available on the IMVU server, then we'll be 90% closer to hacking the whole site. Each site has a login.php file. Or whatever they name it.
Here is what it looks like.
___________________________________________________________
*php starting tag*
include 'connect_to_mysql.php';
$user_email = mysql_real_escape_string($_POST['email']);
if ($_POST['Submit']=='Login')
{
    $md5pass = md5($_POST['pwd']);
    $sql = "SELECT id,user_email FROM users WHERE
            user_email = '$user_email' AND
            user_pwd = '$md5pass' AND user_activated='1'";
    $result = mysql_query($sql) or die (mysql_error());
    $num = mysql_num_rows($result);
    if ( $num != 0 ) {
        // A matching row was found - the user is authenticated.
        session_start();
        list($user_id,$user_email) = mysql_fetch_row($result);
        // this sets variables in the session
        $_SESSION['user']= $user_email;
        if (isset($_GET['ret']) && !empty($_GET['ret']))
        {
            header("Location: $_GET[ret]");
        } else
        {
            header("Location: myaccount.php");
        }
        //echo "Logged in...";
        exit();
    }
    header("Location: login.php?msg=Invalid Login");
    //echo "Error:";
    exit();
}
*php closing tag*
__________________________________________________________
That's 1 type of code I made which works out their login. When someone presses the submit button, the server executes this php file. The 1st line means that it connects to the database. Here is the code in the file called connect_to_mysql.php
_________________________________________________________
*php starting tag*
$dbname = 'phplogin';
$link = mysql_connect("localhost","root","") or die("Couldn't make connection.");
$db = mysql_select_db($dbname, $link) or die("Couldn't select database");
*php closing tag*
_________________________________________________________
This connects to your database where they store all information.
And then it continues. Second line checks the database if that email exists. Then the third line, as I said in other post, the password is stored as md5. Then it checks if the hash exists. And then it checks for some other error etc. So if we get those files from IMVU server. Not even IMVU can stop / fix that.
Sorry can't put php starting and closing tag. If I did then the whole code disappears.
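A hardened take on the login flow in the post above, as an added example that is not the poster's code: it checks a salted password_hash() value with password_verify() instead of comparing unsalted MD5 in the query, uses a bound parameter, restricts the ret redirect to same-site paths, and logs database errors instead of printing them with die(mysql_error()). The function names, the SQLite stand-in database and the sample account are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with pdo_sqlite;
// function names and the sample account are constructed for illustration.

// Bound parameter instead of string-built SQL; salted password_hash() value
// checked with password_verify() instead of comparing unsalted MD5 in the query.
function authenticate(PDO $db, string $email, string $password): ?int
{
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'SELECT id, user_pwd FROM users WHERE user_email = ? AND user_activated = 1'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown accounts are verified against a dummy hash so both paths do the same work.
    $ok = password_verify($password, $row ? $row['user_pwd'] : $dummy);
    return ($row && $ok) ? (int) $row['id'] : null;
}

// "ret" may only be a same-site path: one leading slash, a conservative
// character set, no scheme, no "//host", no backslash, no CR/LF.
function safe_return_path($ret, string $default = '/myaccount.php'): string
{
    $ok = is_string($ret) && preg_match('#^/(?!/)[A-Za-z0-9_\-./?=&%]*$#D', $ret);
    return $ok ? $ret : $default;
}

// Returns the Location target; a real handler would also call
// session_regenerate_id(true) before storing the user id in $_SESSION.
function login_redirect(PDO $db, array $post, array $get): string
{
    try {
        $id = authenticate($db, (string) ($post['email'] ?? ''), (string) ($post['pwd'] ?? ''));
    } catch (PDOException $e) {
        error_log('login query failed: ' . $e->getMessage()); // detail stays in the server log
        return '/login.php?msg=' . rawurlencode('Temporarily unavailable');
    }
    return $id === null
        ? '/login.php?msg=' . rawurlencode('Invalid Login')
        : safe_return_path($get['ret'] ?? null);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_email TEXT,
           user_pwd TEXT, user_activated INTEGER)');
$db->prepare('INSERT INTO users (user_email, user_pwd, user_activated) VALUES (?, ?, 1)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

$good = ['email' => 'alice@example.test', 'pwd' => 'correct horse'];
echo login_redirect($db, $good, ['ret' => '/profile.php?tab=1']), "\n";
echo login_redirect($db, $good, ['ret' => 'https://example.invalid/']), "\n";
echo login_redirect($db, ['email' => 'alice@example.test', 'pwd' => 'wrong'], []), "\n";
```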
Posted 14 years ago
·
Author
So, you need to know where their database is located on their servers?
We know where that is from errors their site has sent us.
We have their server pretty well mapped.
By the way, where the hell did you get that login file from?
Last edited by Don Von Alpha Dom on Sun Feb 21, 2010 7:46 am, edited 1 time in total.
Posted 14 years ago
·
Author
Well, we know that they use phorum, phpbb2.0
We also know that their database key is the UserID which is a number that increments by 1 for each new user, just like a phpbb2.0 database. So, my guess is that they are using a modified phpbb2.0 database...much like our forums here.
~starts google hacking~
Their .d file can not hide from me.
Posted 14 years ago
·
Author
Webhost? I am pretty sure they use their own private servers inside of their building. We know this from when IMVU went down for 2 days in late 2007 due to them moving everything onto new servers during a building change.
Posted 14 years ago
Hmm.. A private server I see. Gonna be hard. So we first gotta find a way to get into their database. If we do, then IMVU will be under our control. 'Cause I can change all the information in the database without the php script or their servers. We can make fake id's and change their email and send a forgot pass link. Just a way we need.