Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
dot.tk paypal payment system issue
Posted by: rohanpinto
Date: June 25, 2007 01:52PM

Register Domain as Free at www.dot.tk
Complete all registration requirements as mentioned there.
Now Login in to your account with ur details
Click on List my domains from sidebar
You will see your registred domain there
Now, click on upgrade Under the domain which you want to upgrade
Next page will open where you can see Order detail
Now select registration period as much time as you want.
You can register your domain for max 9 years
Then scroll down page and click on Paypal
Now wait for page to load, and click on Next at the following Page.
Now fill up all details there ( Enter Fake Details kyu k tum real me pay nahi kar rahe ho )
Now you will see the Paypal Payment Screen
Copy this URL and Paste it in your Browser and hit enter.
https://secure.dot.tk/cgi-bin/rnt1000.taloha/ConfirmPaypal
And Done! You have upgraded your domain as Premium :D
Now click on Modify Domain from side bar
Click on modify and Enter your DNS Settings
Now Your domain will be working at your OWN DNS


dot.tk admin notified...

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Date: June 25, 2007 02:42PM

Nice. I remember when .TK was "the thing" to do when you wanted to mask a free hosting service's URL.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: tr3ndkill
Date: June 26, 2007 08:39PM

wow you really should not have notified them... i could have gotten you 20 grand for this exploit

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: rohanpinto
Date: June 27, 2007 08:23AM

lol... thats what everybody else says too.. but aint it better for us to all wear a white hat ?

BTW: they have not fixed it even after I walked them throught the process of fixing it. as rumors go the following may be possible:

1. the original owner of the dot.tk domain is no longer...
2. the current owner is not a techie...
3. they have no audit trail for their domaisn purchased...
4. they dont know where to start (as tons of domains have been upgraded to "premium")

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: tx
Date: June 27, 2007 01:31PM

looks fixed

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: Anonymous User
Date: June 27, 2007 03:58PM

"but aint it better for us to all wear a white hat ? "

Yes it is!

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: Kyran
Date: June 27, 2007 06:25PM

My hat is a grey Fedora. _@_

- Kyran

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: tr3ndkill
Date: June 27, 2007 10:02PM

hey i did this and got myspace.tk for the next 9 years but i cant login to it am i missing something or did they patch this? it looked like it went through alright

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: rohanpinto
Date: June 28, 2007 10:20AM

try : http://my.dot.tk/cgi-bin/emailpasswd.taloha?fldemail=

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: Anonymous User
Date: June 29, 2007 05:30AM

*gg*

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: Royal2000H
Date: July 09, 2007 02:44PM

didn't work for me... probably fixed

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: rohanpinto
Date: July 10, 2007 09:49AM

@Royal200H

yep fixed.. and probably banned too :-)

questions for you... R u here to discover vulnerabilities and exploit them ? or learn ?

Options: ReplyQuote
Re: dot.tk paypal payment system issue
Posted by: Royal2000H
Date: July 16, 2007 06:16PM

rohanpinto Wrote:
-------------------------------------------------------
> @Royal200H
>
> yep fixed.. and probably banned too :-)
>
> questions for you... R u here to discover
> vulnerabilities and exploit them ? or learn ?


Answer for you.
Learn :P
A comment about a vulnerability isn't as good as first hand.
It was reported anyway and I have my own .com domain names so I have
no need for .tk names.

Options: ReplyQuote


Sorry, only registered users may post in this forum.