Client side injection allows privilege and alternative probability

by Heavenscent - 11 October, 2020 - 12:04 AM
This post is by a banned member (Heavenscent) - Unhide
#1
(This post was last modified: 11 October, 2020 - 12:17 AM by Heavenscent.)
Cloned the site first of all so I had all your code to test - I'm not gonna rape a site I respect and use.

Basically you just have to bet a few times whilst paying very close attention

You make an injectable payload bypassing/changing whatever parameters you need to. I was able to bypass ALL Sellix as their API is public

I could create coupons as the seller for 99.99% off - this can also be done if you make a shitty website and post links to shit you want from Sellix then inject to your heart's content

Some of this can even be done by pushing F+12 and posting in console

Not to mention your authentication system is on GitHub (not sure if you've changed it) but a program could be made bruteforcing (or the other one I can't mind the name) the request to add Upgrades or credits

Also using AI programmed in a bot you can go from a premium Auth key to supreme after a little machine learning

Burp Suite will help you here as well as other tools, no low quality GitHub branches, you need the good software (Dr.ZarZar) has top 3 to find the stuff I did to fake admin privileges

You just need to change the code up slightly perhaps an apply and acceptance to certain areas of the forum?

I wish I didn't delete this now cus I could've sent the code or at least screen recorded the process..

But yea HQ dev tools and pentesting

Also here is a resource I used to make up the injection:
https://github.com/danielmiessler/SecLists

Everything I did I could put in software easily and I was tempted just for the sheer fact of testing it out.... So done nulled & breakingin Sam's attacks work

https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/fuzzdb-project/fuzzdb

I'd pay close attention to those when testing

Advanced user status can be gained by injecting fake cookies sometimes too

@Liars

@Darkness @Teken

Also just wanna reiterate I haven't used this on here as you can see my stats are the same - I cloned the site and self hosted and performed everything on the clone
This post is by a banned member (Barry) - Unhide
#2
Good work by raising critical issues regarding forum security.

Hope @florain and @J_S will work on this stuff.
 
This post is by a banned member (Heavenscent) - Unhide
#3
(11 October, 2020 - 04:46 PM) Barry wrote:
Good work by raising critical issues regarding forum security.

Hope @florain and @J_S will work on this stuff.

It was honestly by accident trying to bypass the payment on a LQ ebook purchase and I realized that you can view the seller's ID which is all the API needs so you can create products/coupons etc remotely if you install the API elsewhere

I'd actually recommend not having Sellix directly implemented into the forum for that reason specifically
This post is by a banned member (KSZ) - Unhide
#4
(11 October, 2020 - 05:03 PM) DeanMartin wrote:
(11 October, 2020 - 04:46 PM) Barry wrote:
Good work by raising critical issues regarding forum security.

Hope @florain and @J_S will work on this stuff.

It was honestly by accident trying to bypass the payment on a LQ ebook purchase and I realized that you can view the seller's ID which is all the API needs so you can create products/coupons etc remotely if you install the API elsewhere

I'd actually recommend not having Sellix directly implemented into the forum for that reason specifically

You are just full of bullshit and so is your thread. Let people deal with those things that actually have a clue about it
