Newest hackmethod - fail by joymax..

[Razorhead]

New Joymax Website exploit:
http://supportcp.joymax.com/demo/mail/e ... ardAll.jsp

DO NOT SEND SUPPORT MESSAGE THAT HAVE ACCOUNT NAME AND PASSWORD TO JOYMAX!!!

All the post are public and if you look at rev6 forum, the exploit was found like this: pic1 , pic2. Basically if you send them a message using your account that has a premium, you can from there browse from their website to the admin mailbox without any password with only 3 mouse clicks. Enter any username and password you want, they are all valid...
They better fix it soon, I don't even want to contact Joymax knowing that everyone can view everything...
This is another huge FAILED! for Joymax -_-
Credit goes to _TANGUITO_ for posting it on rev6 forum.

Joymax NEED to fix it as soon as possible before another exploit come out of it (sql injection, cross site scripting exploit etc...)

[pr0klobster]

oh boy...yeah, you can just type random characters in that ID and password field, and I see tons of emails in there. Not good!

edit: OH MAN this looks bad...at first, I thought it might be a demo, but I see people in there that I have seen on Olympus...and more that show up on rev6...this appears to be true.

[Razorhead]

Now the proof this isn't a hoax:
Just found my own question in their site

question support.JPG (80.04 KiB) Viewed 6923 times

reply jm support.JPG (70.14 KiB) Viewed 6903 times

[Strwarrior]

Yes, the 1st post is true.. i just saw some1 saying about his lvl 90 account.. with id and pw.. omg these guys are crazy.

[Lowis]

Looks like korean people respond using that.

[hapnz]

lol i bet lots of ppl are already scanning through all the posts

[aznronin]

Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwd right?
Man this is serious, joymax seriously screwd people this time, if what i asked is true...

[pr0klobster]

Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwd right?
Man this is serious, joymax seriously screwd people this time, if what i asked is true...

so far, that appears to be the case from what we can see

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

[Razorhead]

Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwd right?
Man this is serious, joymax seriously screwd people this time, if what i asked is true...

so far, that appears to be the case from what we can see

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

U don't need prem or even silk.
Just tested it with a acc without silk.
Login to joymax portal, go to sro Q&A history; then on the "home" sign
Then on that inbox image & start reading.

Found already 2 acc id & pw; both blocked for chargeback ><

[YangKang]

Ive got a lvl 90 force glaive o_o to bad he has only a lvl 24 glaive left.

[aznronin]

Ive got a lvl 90 force glaive o_o to bad he has only a lvl 24 glaive left.

are you serious?

[pr0klobster]

Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwd right?
Man this is serious, joymax seriously screwd people this time, if what i asked is true...

so far, that appears to be the case from what we can see

Although, I am unsure of the premium thing because I'm at work, how would they know? I'm just putting in garbage characters for ID and password.

U don't need prem or even silk.
Just tested it with a acc without silk.
Login to joymax portal, go to sro Q&A history; then on the "home" sign
Then on that inbox image & start reading.

Found already 2 acc id & pw; both blocked for chargeback ><

What I'm saying is that I haven't logged on to the Joymax portal from work. There is no way to refer to my account from this computer. It's more wide open than we think. ANYONE can see this. People don't even need SRO accounts.

[YangKang]

Ive got a lvl 90 force glaive o_o to bad he has only a lvl 24 glaive left.

are you serious?

http://www.rev6.com/player.asp?id=627612

That guy posted his ID&PW

[Rush4Life]

This guy too: http://www.rev6.com/player.asp?id=493218

[YangKang]

This guy too: http://www.rev6.com/player.asp?id=493218

I want that one :p Might doing a exchange haha?

[pr0klobster]

I went way back through the emails...several people have emailed much more information than they should have (like phone numbers, cc#, etc)

[BloodyBlade]

Get this message to popular game sites & everybody will know this.
This will mean nobody will play sro anymore, so no silk buyers anymore

[aznronin]

I'm started to get worried...

[Swindler]

Question

soooo support the damn fking sever are ALL FULL can you make the fking server higher taht more people can connect

Answer:

Dear Valued Customer,
Greetings from Joymax Customer Support Team!

We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.

We suggest that you should try our Premium Gold Time Plus (4 weeks) were you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.


*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.

Thank you for emailing Joymax Customer Support.

For further details and support, kindly visit our website at http://www.joymax.com/silkroad.


Sincerely yours,

Joymax Customer Support Team

HAHHAHAHA

[aznronin]

Question

soooo support the damn fking sever are ALL FULL can you make the fking server higher taht more people can connect

Answer:

Dear Valued Customer,
Greetings from Joymax Customer Support Team!

We received your email regarding the server traffic problem that you are experiencing. We are sorry for the inconvenience that this may have caused you.

We suggest that you should try our Premium Gold Time Plus (4 weeks) were you can have a special bonus of preferred game access to the game that users can log into the game during server traffic hours.


*Also, please try to check your PC specification, get a faster connection that utilizes ADSL, VDSL, T3 lines, a faster computer faster/more efficient CPU, graphic card, or RAM.

Thank you for emailing Joymax Customer Support.

For further details and support, kindly visit our website at http://www.joymax.com/silkroad.


Sincerely yours,

Joymax Customer Support Team

HAHHAHAHA

So I guess this is the end for us guys?

[DarkJackal]

Alright so then, in these emails, everyone who has prem can read it, and if you put personal information you are screwd right?
Man this is serious, joymax seriously screwd people again, if what i asked is true...

[Lowis]

Bets that they'll cover it up just like the Joymax portal exploit.

[OTG]

LOL another FailMax. I suggest you all quit!

[lopasas]

ok now i get it
like i ever send e-mails to joymax, geez worthless topic...

[SwordCloud]

Omg that sogay how ppl can be naives.............
plz plz my account plz id: dzdsd
pw:dsdsds
cc:1212121323
lol i'm sure some of them are turk.(sorry im not racism but they have a lack
of languages understanding).

@lopas1:
People are now able to read all message sent to the customer support,
and 80% people give their id and pw and much more sometime.

[asusi]

LOL another FailMax. I suggest you all quit!

wtf are you talking about go quit your self
glad i never mailed them

[AnarChaos]

ROFL read this:
--------------------
Dear Valued Customer,



Greetings from Joymax Customer Support Team!



Thank you for emailing Joymax Customer Support. Sorry for the inconvenience that caused you by experiencing hacking on your account. We do understand your state. However, we regret to inform you that we will not offer services regarding account theft/hacking for the time being for the purpose of providing better service in the future as what our policy declares. Users are responsible for maintaining the confidentiality of their own accounts and all relevant responsibilities attached to their accounts to keep away from hacker and any malicious circumstance. Same as email verification, if your registered email address is already verified using our new email verification service you cannot change it. Please check the email address before use, and please take care of your email address and password information if you verify your email.



For further details and support, kindly visit our website at http://www.joymax.com/silkroad





Thank you for your understanding.



Sincerely yours,

Joymax Customer Support Team






고객님이 문의하신 사항은 아래와 같습니다
Hello, I have the following problem which I hacked into my account can not change pw wiel the verification email to mail is because hackers.
I ask for help.
------------------------------------------------

They will not help you even if your account was hacked because of this fcking exploit!

[Mousetrap]

Who the f.uck gives their ID and password out, especially CC # in a JM support email.
At any rate.. I've never used the support thing, so meh.

@YangKang, hope you get forums banned scammer.

[DotCom]

Its Joymax who asks for server, char name and ID for verification purposes. But those who included more info than that are screwed.

[StacE]

BAHAHAHA

quit now.