CCBill.com multiple vulnerabilities

  • The Porn Nerd
    Living The Dream
    • Jun 2009
    • 19787

    #51
    FIDDY CCBILL VULNERABILITIES!!!

    I can't believe I beat Woj to the punch. WooHoo! Ahem.
    My Affiliate Programs:
    Porn Nerd Cash | Porn Showcase | Aggressive Gold

    Over 90 paysites to promote!
    Now on Teams: peabodymedia

    • CYF
      Coupon Guru
      • Mar 2009
      • 10973

      #52
      still waiting for a ccbill fix.
      Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
      AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

      • candyflip
        Carpe Visio
        • Jul 2002
        • 43069

        #53
        They are too busy counting their monies.

        Spend you some brain.
        Email Me

        • V_RocKs
          Damn Right I Kiss Ass!
          • Nov 2003
          • 32449

          #54
          CCBILL has had this problem for years... Why change anything now?

          • mlove
            the guy
            • Apr 2005
            • 764

            #55
            Originally posted by BFT3K
            I am not defending CCBill here, and hopefully they have read this post, and are immediately working to correct these issues.

            But I want to add, for whatever its worth, it appears EVERYTHING currently on the web is insecure nowadays - from major banks, to EVERY social network, to almost EVERY method of online processing, all the way up to Top Secret classified military documents!

            It really is the fucking wild wild west out here...
            Not everything.

            PHP Code:
            <?php echo "hello."; ?>
            Hack my php script.
            If you won't feel as good, I won't feel as cheap.

            • NikKay
              Confirmed User
              • Aug 2001
              • 1642

              #56
              Originally posted by DirtyWhiteBoy
              Awesome.

              • V_RocKs
                Damn Right I Kiss Ass!
                • Nov 2003
                • 32449

                #57
                Nice script

                • Axzar
                  Random Jackass
                  • Feb 2003
                  • 1837

                  #58
                  Get an alternate merchant account already. Quit paying 15% or more. See Sig Below. Free to Apply.

                  • DVTimes
                    xxx
                    • Jun 2003
                    • 31658

                    #59
                    Originally posted by CCBill Paul
                    We are and have been looking into this.
                    cool stuff

                    hope it's fixed soon
                    XXX

                    • Mock NyaMout
                      Confirmed User
                      • Sep 2009
                      • 514

                      #60
                      I got the answer

                      • CYF
                        Coupon Guru
                        • Mar 2009
                        • 10973

                        #61
                        still no reply?
                        Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                        AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                        • SallyRand
                          So Fucking Banned
                          • Jan 2008
                          • 3487

                          #62
                          Originally posted by CCBill Paul
                          We are and have been looking into this.
                          Paul, don't "LOOK INTO IT", FUCKING FIX IT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

                          ;)

                          Sally.

                          • CYF
                            Coupon Guru
                            • Mar 2009
                            • 10973

                            #63
                            still no reply?
                            Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                            AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                            • Socks
                              Confirmed User
                              • May 2002
                              • 8475

                              #64
                              At one point in time I was aware of how to create logins and passwords on any CCBill site, I believe it worked like a charm. Was years ago though.

                              • May-Netpay
                                Registered User
                                • Mar 2010
                                • 29

                                #65
                                Why use CCBill when you can use NetPay International, a leader in providing on-line, real-time payment processing solutions in a solid, secure and reliable manner.

                                Not only secure, but it has advanced technology and a new payment solution for European customers.

                                Contact me for info.
                                May

                                May Yedidya
                                International Sales


                                Netpay International Ltd
                                Office +972 3 612 69 66
                                Mob +972 52 330 22 23
                                [email protected]
                                ADULT ONLINE MERCHANT ACCOUNT

                                • MMarko
                                  Confirmed User
                                  • Jun 2007
                                  • 160

                                  #66
                                  Again, the only ones who are losing money are affiliates. CCBill gets its cut, the sponsor too. Also, problems with CCBill sales started around those dates mentioned in the report...
                                  dlXer - web design, developing, managed hosting, website optimizations

                                  • MMarko
                                    Confirmed User
                                    • Jun 2007
                                    • 160

                                    #67
                                    Originally posted by closer
                                    a financial/banking site should be held up to much higher security standards
                                    If these vulnerabilities are true, then CCBill security is below ANY standard.
                                    dlXer - web design, developing, managed hosting, website optimizations

                                    • k0nr4d
                                      Confirmed User
                                      • Aug 2006
                                      • 9231

                                      #68
                                      Originally posted by May-Netpay
                                      Why use CCBill when you can use NetPay International, a leader in providing on-line, real-time payment processing solutions in a solid, secure and reliable manner.

                                      Not only secure, but it has advanced technology and a new payment solution for European customers.

                                      Contact me for info.
                                      May
                                      Classy Bump...
                                      Last edited by k0nr4d; 09-16-2010, 06:40 AM.
                                      Mechanical Bunny Media
                                      Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

                                      • CYF
                                        Coupon Guru
                                        • Mar 2009
                                        • 10973

                                        #69
                                        has this been fixed yet?
                                        Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                                        AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                                        • signupdamnit
                                          Confirmed User
                                          • Aug 2007
                                          • 6697

                                          #70
                                          Originally posted by CYF
                                          has this been fixed yet?
                                          I hope so. It would really suck to wake up one day and hear Visa or someone has shut down CCbill for "certain program deficiencies".

                                          You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                                          • CYF
                                            Coupon Guru
                                            • Mar 2009
                                            • 10973

                                            #71
                                            Originally posted by signupdamnit
                                            I hope so. It would really suck to wake up one day and hear Visa or someone has shut down CCbill for "certain program deficiencies".
                                            somehow I don't think it's fixed yet
                                            Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                                            AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                                            • Zyber
                                              Confirmed User
                                              • Aug 2001
                                              • 832

                                              #72
                                              Come on guys. Give them some time to fix it.

                                              In 2005 I complained to CCBill that their website was a pain in the ass and not user-friendly to use. Now 5 years later look how much (or nothing) has changed. The website still looks like Web 1.0. However, the CCBill private jet sure does look fine.

                                              Epoch is also weak code. Just try to sign up as an affiliate and notice the bugs in the sign-up form. The programmer didn't know (or was too lazy) to dynamically fill in the SELECT boxes or the RADIO buttons. They lose their values when the form is recreated during the field validation process. With such newbie errors present one can only fear that the same programmer has been too lazy to sanitize inputs in other places in the code, thus allowing for SQL injections.

                                              • Davy
                                                Confirmed User
                                                • Apr 2006
                                                • 4323

                                                #73
                                                The website looks bogus. If it was possible to write to CCBill's server, the easiest way to alert CCBill about the problem would be to deface their website.
                                                ---
                                                ICQ 14-76-98 <-- I don't use this at all

                                                • HomerSimpson
                                                  Too lazy to set a custom title
                                                  • Sep 2005
                                                  • 13826

                                                  #74
                                                  Originally posted by Zyber
                                                  Come on guys. Give them some time to fix it.

                                                  In 2005 I complained to CCBill that their website was a pain in the ass and not user-friendly to use. Now 5 years later look how much (or nothing) has changed. The website still looks like Web 1.0. However, the CCBill private jet sure does look fine.

                                                  Epoch is also weak code. Just try to sign up as an affiliate and notice the bugs in the sign-up form. The programmer didn't know (or was too lazy) to dynamically fill in the SELECT boxes or the RADIO buttons. They lose their values when the form is recreated during the field validation process. With such newbie errors present one can only fear that the same programmer has been too lazy to sanitize inputs in other places in the code, thus allowing for SQL injections.
                                                  Yes, their UI is pure SHIT!
                                                  For a few thousand dollars they could re-design the whole site and have
                                                  a new fresh look that would pay for itself in a matter of days!
                                                  Make a bank with Chaturbate - the best selling webcam program
                                                  Ads that can't be blocked with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                                                  PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                                                  • candyflip
                                                    Carpe Visio
                                                    • Jul 2002
                                                    • 43069

                                                    #75
                                                    Of course it isn't fixed. This is CCBill we're talking about.

                                                    As I said up top, they're too busy counting their monies to worry about real issues.

                                                    Spend you some brain.
                                                    Email Me

                                                    • buyandsell
                                                      Confirmed User
                                                      • May 2008
                                                      • 692

                                                      #76
                                                      ccbill still getting hacked eh

                                                      • CyberHustler
                                                        Masterbaiter
                                                        • Feb 2006
                                                        • 28736

                                                        #77
                                                        CCBill, why get this topic locked?
                                                        http://gfy.com/showthread.php?t=992256
                                                        “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                                        • blackmonsters
                                                          Making PHP work
                                                          • Nov 2002
                                                          • 20966

                                                          #78
                                                          PHP for the WIN.....

                                                          ....for hackers of course.

                                                          LOL!
                                                          Free Open Source Live Aggregated Cams Script (FOSLACS)

                                                          • CYF
                                                            Coupon Guru
                                                            • Mar 2009
                                                            • 10973

                                                            #79
                                                            Originally posted by Davy
                                                            The website looks bogus. If it was possible to write to CCBill's server, the easiest way to alert CCBill about the problem would be to deface their website.
                                                            it's not bogus.
                                                            Webmaster Coupons Coupons and discounts for hosting, domains, SSL Certs, and more!
                                                            AmeriNOC Coupons | Certified Hosting Coupons | Hosting Coupons | Domain Name Coupons

                                                            • RonC
                                                              Confirmed User
                                                              • Jul 2002
                                                              • 236

                                                              #80
                                                              Originally posted by Davy
                                                              The website looks bogus. If it was possible to write to CCBill's server, the easiest way to alert CCBill about the problem would be to deface their website.

                                                              This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

                                                              But hey if it is on the Internet it MUST BE TRUE.

                                                              End of Story.


                                                              Ron C
                                                              _________
                                                              CEO

                                                              CCbill.com
                                                              Cavecreek.com

                                                              • Supz
                                                                Arthur Flegenheimer
                                                                • Jul 2006
                                                                • 11057

                                                                #81
                                                                Originally posted by closer
                                                                Any site can be hacked/cracked,

                                                                a financial/banking site should be held up to much higher security standards, as this could potentially give yet another HUGE blow to the adult industry as a whole, which is already at its weakest point to date, if this becomes a CNN item, we're not talking facebook here.

                                                                In the end, the only real opinion that should matter in such cases is how fast that hacked site fixes the backdoors.

                                                                It's good to read that CCBill is looking into it and hope they'll update us with any news.
                                                                They are held to a higher standard. CC processors have to be PCI (payment card industry) compliant, which is a much higher standard than normal network security. Same thing with banks, brokerage firms, hospitals, and so on.

                                                                • signupdamnit
                                                                  Confirmed User
                                                                  • Aug 2007
                                                                  • 6697

                                                                  #82
                                                                  Originally posted by RonC
                                                                  This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

                                                                  But hey if it is on the Internet it MUST BE TRUE.

                                                                  End of Story.


                                                                  Ron C
                                                                  _________
                                                                  CEO

                                                                  CCbill.com
                                                                  Cavecreek.com
                                                                  Interesting. I suppose we all should have researched this further before giving it credence.

                                                                  I see where your team spoke about this months ago:

                                                                  http://seclists.org/fulldisclosure/2010/Aug/193

                                                                  From: William Bell <williamb () cwie net>
                                                                  Date: Tue, 17 Aug 2010 03:52:19 +0000

                                                                  At CCBill we take web application security very seriously. I can assure you that no one in this organization received
                                                                  any type of disclosure prior to the posting of the vulnerability to this list. It is very easy to reach our Information
                                                                  Security team at security () ccbill com<mailto:security () ccbill com>. We are working hard to identify the issue in
                                                                  question and a post will be made here once it is resolved. I ask that the researcher from ariko-security.com please
                                                                  contact us at the email provided.

                                                                  William Bell
                                                                  Director of Information Security
                                                                  CCBill.com

                                                                  _______________
                                                                  I had never heard of these guys before but now I will research them and see if they have tried this in the past with others. If so I will make sure more people know about them.
                                                                  Last edited by signupdamnit; 10-15-2010, 02:39 PM.

                                                                  You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                                                                  • SwirlsGirl
                                                                    So Fucking Banned
                                                                    • Feb 2006
                                                                    • 2067

                                                                    #83
                                                                    Originally posted by RonC
                                                                    This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

                                                                    But hey if it is on the Internet it MUST BE TRUE.

                                                                    End of Story.


                                                                    Ron C
                                                                    _________
                                                                    CEO

                                                                    CCbill.com
                                                                    Cavecreek.com
                                                                    Hey Ron nice of you to stop in...also nice to meet you by the way. I also know some individuals that have recently been scammed.

                                                                    There seems to be plenty of that going around these days. If I am not mistaken, one of the scammers was of Nigerian origin. Another seems to be of American origin.

                                                                    I wonder if you would mind posting the contact info or the gmail email account so that some of us may give the nigerian scammers a piece of our mind as well.

                                                                    You say they created a "fake" security page and tried to extort 10k from you guys for a fix? Man that is pretty crass.

                                                                    It is also very reassuring to know that all of my data as a client is secure and that you guys take data integrity so seriously.

                                                                    After all, what is really being sold here is confidence, and a processing company's success is only as good as its clients' confidence in said "data integrity".

                                                                    Please post the contact info for the scammers would love to communicate with them.

                                                                    Also thanks for the "hey if it's on the internet it's true" comment, I am still chuckling uncontrollably from that one.

                                                                    • epitome
                                                                      So Fucking Lame
                                                                      • Jun 2009
                                                                      • 12156

                                                                      #84
                                                                      Originally posted by SwirlsGirl
                                                                      Hey Ron nice of you to stop in...also nice to meet you by the way. I also know some individuals that have recently been scammed.

                                                                      There seems to be plenty of that going around these days. If I am not mistaken, one of the scammers was of Nigerian origin. Another seems to be of American origin.

                                                                      I wonder if you would mind posting the contact info or the gmail email account so that some of us may give the nigerian scammers a piece of our mind as well.

                                                                      You say they created a "fake" security page and tried to extort 10k from you guys for a fix? Man that is pretty crass.

                                                                      It is also very reassuring to know that all of my data as a client is secure and that you guys take data integrity so seriously.

                                                                      After all, what is really being sold here is confidence, and a processing company's success is only as good as its clients' confidence in said "data integrity".

                                                                      Please post the contact info for the scammers would love to communicate with them.

                                                                      Also thanks for the "hey if it's on the internet it's true" comment, I am still chuckling uncontrollably from that one.
                                                                      Dear Britney,

                                                                      I am writing today to let you know how awesome you are. Your music is great and it always picks me up when I am down. My cousin is a singer but she is not as good as you.

                                                                      Remember that one time they asked you in an interview if you were a virgin and you said you were but it turns out you weren't? Well, that was pretty rude of them. Please give me the email address of that interviewer. I'd love to give them a piece of my mind.

                                                                      Hey Britney, would you mind mailing me back with your concert dates? I'd love to see one of your shows.

                                                                      Anyway, I feel some sort of closeness with you after writing this. I hope that you'll send me an autographed picture.

                                                                      Fondly,
                                                                      Your #1 Fan

                                                                      • plsureking
                                                                        bored
                                                                        • Aug 2003
                                                                        • 4904

                                                                        #85
                                                                        Originally posted by RonC
                                                                        This report was a complete joke. End of Story.
                                                                        There are too many eager hackers in Russia & China for this to not be a joke..
                                                                        PornCMS / low cost paysite management with hosting

                                                                        • redwhiteandblue
                                                                          Bollocks
                                                                          • Jun 2007
                                                                          • 2793

                                                                          #86
                                                                          Originally posted by Supz
                                                                          They are held to a higher standard. CC processors have to be PCI (payment card industry) compliant, which is a much higher standard than normal network security. Same thing with banks, brokerage firms, hospitals, and so on.


                                                                          I worked for an e-commerce company that went through PCI compliance for all its servers and it is extremely thorough, and as I understand it anything that stores CC data has to be PCI compliant.
                                                                          Interserver unmanaged AMD Ryzen servers from $73.00

                                                                          • AdultKing
                                                                            Raise Your Weapon
                                                                            • Jun 2003
                                                                            • 15601

                                                                            #87
                                                                            Reading this thread had me shaking my head.

                                                                            Why would you give credence to a company issuing an advisory when they have an about us page like this

                                                                            Doing a WHOIS on the domain reveals Polish contact details with a hotmail email address. Very professional.

                                                                            Look at the credibility of the web site - it was registered in 2009 and is obviously, I mean so scammer obviously, bogus.
