Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 2:56 pm
by Razorhead
New Joymax Website exploit:
http://supportcp.joymax.com/demo/mail/e ... ardAll.jsp

DO NOT SEND SUPPORT MESSAGES THAT CONTAIN YOUR ACCOUNT NAME AND PASSWORD TO JOYMAX!!!

All the posts are public, and if you look at the rev6 forum, the exploit was found like this: pic1, pic2. Basically if you send them a message using your account that has a premium, you can from there browse from their website to the admin mailbox without any password with only 3 mouse clicks. Enter any username and password you want, they are all valid...
They better fix it soon, I don't even want to contact Joymax knowing that everyone can view everything...
This is another huge FAILED! for Joymax -_-
Credit goes to _TANGUITO_ for posting it on rev6 forum.

Joymax NEEDS to fix it as soon as possible before another exploit comes out of it (SQL injection, cross-site scripting exploit, etc...)

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 2:59 pm
by pr0klobster
oh boy...yeah, you can just type random characters in that ID and password field, and I see tons of emails in there. Not good!

edit: OH MAN this looks bad...at first, I thought it might be a demo, but I see people in there that I have seen on Olympus...and more that show up on rev6...this appears to be true.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:02 pm
by Razorhead
Now the proof this isn't a hoax:
Just found my own question in their site :roll:
[Attachment: question support.JPG]

[Attachment: reply jm support.JPG]

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:14 pm
by Strwarrior
Yes, the 1st post is true.. i just saw some1 saying about his lvl 90 account.. with id and pw.. omg these guys are crazy.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:16 pm
by Lowis
Looks like Korean people respond using that.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:17 pm
by hapnz
lol i bet lots of ppl are already scanning through all the posts

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:17 pm
by aznronin
Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed right?
Man this is serious, joymax seriously screwed people this time, if what i asked is true...

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:19 pm
by pr0klobster
aznronin wrote:Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed right?
Man this is serious, joymax seriously screwed people this time, if what i asked is true...


so far, that appears to be the case from what we can see :(

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:22 pm
by Razorhead
pr0klobster wrote:
aznronin wrote:Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed right?
Man this is serious, joymax seriously screwed people this time, if what i asked is true...


so far, that appears to be the case from what we can see :(

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

U don't need prem or even silk.
Just tested it with an acc without silk.
Login to joymax portal, go to sro Q&A history; then on the "home" sign
Then on that inbox image & start reading.

Found already 2 acc id & pw; both blocked for chargeback ><

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:23 pm
by YangKang
I've got a lvl 90 force glaive o_o too bad he has only a lvl 24 glaive left.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:25 pm
by aznronin
YangKang wrote:I've got a lvl 90 force glaive o_o too bad he has only a lvl 24 glaive left.


are you serious?

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:26 pm
by pr0klobster
Razorhead wrote:
pr0klobster wrote:
aznronin wrote:Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed right?
Man this is serious, joymax seriously screwed people this time, if what i asked is true...


so far, that appears to be the case from what we can see :(

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

U don't need prem or even silk.
Just tested it with an acc without silk.
Login to joymax portal, go to sro Q&A history; then on the "home" sign
Then on that inbox image & start reading.

Found already 2 acc id & pw; both blocked for chargeback ><


What I'm saying is that I haven't logged on to the Joymax portal from work. There is no way to refer to my account from this computer. It's more wide open than we think. ANYONE can see this. People don't even need SRO accounts.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:26 pm
by YangKang
aznronin wrote:
YangKang wrote:I've got a lvl 90 force glaive o_o too bad he has only a lvl 24 glaive left.


are you serious?


http://www.rev6.com/player.asp?id=627612

That guy posted his ID&PW

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:31 pm
by Rush4Life

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:32 pm
by YangKang
Rush4Life wrote:This guy too: http://www.rev6.com/player.asp?id=493218


I want that one :p Might do an exchange haha?

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:34 pm
by pr0klobster
I went way back through the emails...several people have emailed much more information than they should have :( (like phone numbers, cc#, etc)

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:36 pm
by BloodyBlade
Get this message to popular game sites & everybody will know this.
This will mean nobody will play sro anymore, so no silk buyers anymore :roll:

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:37 pm
by aznronin
I'm starting to get worried...

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:38 pm
by Swindler
Question

soooo support the damn fking server are ALL FULL can you make the fking server higher that more people can connect



Answer:

Dear Valued Customer,
Greetings from Joymax Customer Support Team!

We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.

We suggest that you should try our Premium Gold Time Plus (4 weeks) where you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.


*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.

Thank you for emailing Joymax Customer Support.

For further details and support, kindly visit our website at http://www.joymax.com/silkroad.


Sincerely yours,

Joymax Customer Support Team


HAHHAHAHA

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:40 pm
by aznronin
HejsaN wrote:
Question

soooo support the damn fking server are ALL FULL can you make the fking server higher that more people can connect



Answer:

Dear Valued Customer,
Greetings from Joymax Customer Support Team!

We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.

We suggest that you should try our Premium Gold Time Plus (4 weeks) where you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.


*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.

Thank you for emailing Joymax Customer Support.

For further details and support, kindly visit our website at http://www.joymax.com/silkroad.


Sincerely yours,

Joymax Customer Support Team


HAHHAHAHA


So I guess this is the end for us guys?

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:41 pm
by DarkJackal
aznronin wrote:Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwed right?
Man this is serious, joymax seriously screwed people again, if what i asked is true...

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:45 pm
by Lowis
Bets that they'll cover it up just like the Joymax portal exploit. :D

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 3:57 pm
by OTG
LOL another FailMax. I suggest you all quit! :twisted:

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:04 pm
by lopasas
ok now i get it
like i ever send e-mails to joymax, geez worthless topic...

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:06 pm
by SwordCloud
Omg that sogay how ppl can be naives.............
plz plz my account plz id: dzdsd
pw:dsdsds
cc:1212121323
lol i'm sure some of them are turk.(sorry im not racism but they have a lack
of languages understanding).

@lopas1:
People are now able to read all messages sent to customer support,
and 80% of people give their id and pw and much more sometimes.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:08 pm
by asusi
OTG wrote:LOL another FailMax. I suggest you all quit! :twisted:

:? wtf are you talking about go quit yourself
glad i never mailed them :roll:

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:16 pm
by AnarChaos
ROFL read this:
--------------------
Dear Valued Customer,

Greetings from Joymax Customer Support Team!

Thank you for emailing Joymax Customer Support. Sorry for the inconvenience that caused you by experiencing hacking on your account. We do understand your state. However, we regret to inform you that we will not offer services regarding account theft/hacking for the time being for the purpose of providing better service in the future as what our policy declares. Users are responsible for maintaining the confidentiality of their own accounts and all relevant responsibilities attached to their accounts to keep away from hacker and any malicious circumstance. Same as email verification, if your registered email address is already verified using our new email verification service you cannot change it. Please check the email address before use, and please take care of your email address and password information if you verify your email.

For further details and support, kindly visit our website at http://www.joymax.com/silkroad

Thank you for your understanding.

Sincerely yours,

Joymax Customer Support Team

Your inquiry was as follows:
Hello, I have the following problem which I hacked into my account can not change pw wiel the verification email to mail is because hackers.
I ask for help.
------------------------------------------------

They will not help you even if your account was hacked because of this fcking exploit!

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:23 pm
by Mousetrap
Who the f.uck gives their ID and password out, especially CC # in a JM support email.
At any rate.. I've never used the support thing, so meh.

@YangKang, hope you get forums banned scammer.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:27 pm
by DotCom
It's Joymax who asks for server, char name and ID for verification purposes. But those who included more info than that are screwed.

Re: Newest hackmethod - fail by joymax..

Posted: Fri Jan 30, 2009 4:32 pm
by StacE
BAHAHAHA

quit now.