LinkBack URL
About LinkBacks
[TuT]FREE $19.99 from Dating site exploit!! Unlimited tries! You NEED to use a US/UK/AUD/CAD proxy VPN, AND ! IMPORTANT! ENTER US/UK/AUD/CAD location details!! For example US/postcode: 10001 etc
Lets cut straight to the chase. You may have heard about reverse membership exploits before, it works when web pages are configured wrong, and allows a user to trick the server into thinking the have paid for registration.
The trick here, though, is not to gain a free 'paid' membership, but to refund that paid membership, once gotten for free.
For example, you visit a website as a free user, and the web address ends in:
Code:members/wvasp=w3e11.php
However, upon buying a membership, the user notices the web address now ends in:
Code:members/wvasp=w3e13.php
Note the change from the value '11' to '13.'
So, when the user is a member, he has the option to CANCEL his membership, thus refunding however much he paid for, minus a little commission fee.
So, here is the trick.
As a free user, you sign up as a member, confirm your email (The one you use with your paypal account) and confirm your registration, as a FREE user. You must complete the initial registration for it to work.
You have currently spent $0. Next step, is to log out, then log in again, then change the web address from
toCode:www.example.com/members/wvasp=w3e11.php
Code:www.example.com/members/wvasp=w3e13.php
, noticing you changed the privilege escalation to a paid member level!!
Now, you simply go to account settings, and cancel your 'membership' which you allegedly paid for. Just remember most sites will only accept paypal from certain countries, so if using a proxy (I reccomend but dont do it myself lol) you must use from Europe, Canada, USA, or Australia.
Now, lets try it out, shall we?
Here is a new fresh site it is currently working on: http://is.gd/QkSrhv
Sign up with any username, and random info if need be. But you MUST put that you are MALE seeking FEMALE for the membership to work.
BUT use the email address that is linked with your paypal.
If you do not have one use ANY email address, you can add a paypal later
Example info:
I am a : MALE
seeking a : FEMALE
Postcode: 10001
Country : US
Once you have entered the info, it comes up with a login screen.
Here you will visit your email and copy the temporary password it gives you, supplied in your email.
Now paste it in the login screen and log in!
Now you must complete three simple fields, to confirm your registration, this step is essential in eventually tricking the server.
Now you will hit one final page where you have to fill out some infos.
Here are some examples, dont use these, mix it up a little! Make it look believable.
1) Introduction title: "Hi my name is Charles and I have a foot fetish"
2) Text: "Living in Los Vegas want sexy talk and horny roommate"
3) Describe what you are looking for: "Looking for girls with style, attitude, short hair, and bouncy titts!"
And thats it! You're almost done the initial proceedure! Click register.
Now your address should look like this:Code:www.amateurmatch.com/members/#
Simple change it to this!
Code:www.amateurmatch.com/members/index.php?PHPSESSID=a125fbd71bdfa0f850538f661bdef8db&le=2(alert_script='0')
It will almost give an error, then return to the home page!
Now log out, log back in, and, if you have done everything correctly, go to account settings, and you will see you have a 'paid' membership. Simply click cancel membership, and the money you 'paid' will be returned to your paypal account!!
If you cannot view this option, your email is incorrect, you have not properly registered, or you have incorrectly linked your paypal account.
If it doesnt work for you, please contact me, or it means it has been patched already :/
Enjoy!!
Reply With Quote
Originally Posted by mr_ice 
