CCBill Password Management Crush!!!
 

Do you guys still think that CCBill is one of the most trusted names in our Industry?
You are tricked, what's not true.
Their PASSWORD MANAGEMENT IS CRUSHED!!!!!!!!!!!!
They suck a lot of bandwidth and you loose real money while you sleep. Wake
up!
Don't believe me? Follow these Instructions and be surprised:

1. Check these sites for example:
http://www.keeganskky.com
http://www.teencoreclub.com
http://www.cumonherface.com

2. Find 'Join us' page and click 'Instant credit card with CCBill' button
there.
3. Type anything what do you like in subscription fields and click 'submit
order' button.
4. You'll get confirmSignup page. Don't hit 'Process Transaction' button
(!), simply copy username:password and go to Member zone and enjoy with
exclusive superb content for free! After 60-90 min CCBill will close your
account but you can repeat the procedure and watch their sites as many times
as you'd like!

I suppose all webmasters who work with CCBill need to check their sites too
because this information can be used by password traders and other dark men.

Interesting if true.

I just tested it on some of my sites and it does work. :mad:

Shit...maybe I was wrong...

This is very scary.

Luckily it didn't work on my own site but when I went to cumonherface.com it did work. Someone at ccbill should look into this.

it works :(

Yep. Sure does. :(

Shit, that's just a simple programming mistake, but what a mistake to make!!

Note to CCBill: Might want to wait to add the authentication info to the .htpasswd file AFTER the transaction has been successfully processed ;)

.

I can't get the shit to work, I must be an idiot:mad:

Damn, good catch ATX!

My signup form won't let me test it. When I enter fake info it tells me I have the wrong address, or the wrong credit card number or something else. Too much hassle.

On edit: It works on the sites he listed. I guess it should work on our site too if I could figure it out. :)

L O fucking L

HAHAH, CCBILL sucks ass!

#1 processor my ass, what a fucking joke. Those dipshits at ccbill couldnt make a good script if thier lives depended on it. I feel bad for alot of you people that use them. I might just spam 3 million people and give them the instructions on how to get into the members areas on all ccbill processed sites.:thumbsup :thumbsup

www.ccbill.com 'members area? whats that?'
lol

no, doesn´t work on our sites, something stinks in here.

"I might just spam 3 million people and give them the instructions"

... now it stinks even more.

ahahaah found a few that work, found a few that dont.

Bizarre!

... could it be that the 3 sites above are running in ccbill´s test mode ??

SHOCKING!!!!!

Well actually the shocking thing is how bad their member's area is!

Can't get it to work on our sites but I was under the impression that CCBill switched to a new scheme anyway which is what we're using. Maybe some sites haven't switched yet..

Jak

Oh my god, it works!!

This is insane!

unbelieveable
it really works
HOW STONED MUST A PROGRAMMER BE TO WRITE THIS KIND OF SHIT CODE.
damn ccbill.... you better shutdown your system or hire some REAL programmers... damn

anyone tried this with ibill??

I just tried it on a few more sites, and they ALL WORK!

I hope I can't get in shit for this - after all, I DIDN'T press 'confirm', right? They've recorded my IP, though, but that shouldn't matter.

What do you guys think?

to buddyII:
How about 3 million surfers?:rasta
Right now!
to all: iBill is ok, but ... :1orglaugh

i found that this only works with CCBill's new Custom forms pages

The password does fail after 30 minutes or so, and it doesn't allow me to do it again, which is good, I guess... must be cuz I'm on the same IP.

damn will post this one on pornpassforum or whats it called... thats should really bring some surfers in :D

but ouch.. what a fuck up to make... bet your sweet ass some programmer has mighty red ears and a job he is missing once they hear about this one...

Kimmy Kim is on her way to your house right now. Her last job for CC Bill will be to permanently "terminate your account". Get out while you still can.

CCBILL = LAME

See! There ARE still some 3rd party processors that allow free trials. :1orglaugh

My members area sucks too. Can I have your fake passwords? I could trade them to my cable guy for a free chip.

damn... business crusher

WHOEHAHAHAHAAHAA!!! J_E_Z_U_S C_H_R_I_S_T !!!

this is insane! i wouldn't even have made such a mistake 8 years ago when i first started programming BASIC :D :D

Tried this on one of the sites, got a username and password. Tried this on one of my sites, which uses the new CCBill forms, and it said "Invalid Card". So I appear to be safe... Still: Spooky shit.

i donno if i am the only one here.. but i would finally like to here a sentence or two from ccbill......

I believe KimmyKim is busy on other more IMPORTANT issues like message board flame wars.

with CCBILL off sure!!!:thumbsup

l33t password d00dz have known this for a while im guessing

i did not say that

Maybe it only works on some sites, it does not work on any of my sites :Graucho

Boy those are lame ass paysites inside, holy crap

who would want a free password to those?

Something stincks here, and its not CCBILL (or me). All those sites have the new custom signup forms which are generated from the admin area. Seconed they are setup all on unix/linux server. This thing doesnt work on sites that are on NT systems.

you might wanna blame unix/linux/apache or the actual asshole that setup the signup forms before you jump on ccbill.

My seconed option is: for "some reason" somebody wants you to go those sites and signup for them.

Thats all for now.

:winkwink:

Yes, let's blame the operating system because the programmer was too stupid to work around any security holes.

I guess I am going to have to stop lurking so I can post on this issue. ;-)

In trying to account for all possible sign-up scenarios, CCBill determined
that is was important to "reserve" a username once it was entered, but prior
to confirmation. This was done to prevent multiple sign-ups with the same
user name occurring simultaneously. This feature was "added" to the new
custom forms only. This did not affect any client using our older sign-up
systems.

Unfortunately, as we were upgrading another portion of our systems last
night, this feature began to insert the customer supplied username and
password into the database. As a fail safe, we have always had a cron
running every 30 - 60 minutes to eliminate or update username and password
data, and therefore, consumers who discovered this error were only able to
gain access for a limited period of time. This error is currently being
fixed.

Again, we would like to stress that only clients utilizing our new custom
form system may have been affected and, even in that case, it should only be
those who utilize confirmation pages. If any client affected by this issue
needs to speak to me directly, please contact me here at CCBill

Sean Eggert
CCBill Account Rep.
888-906-0666 ext. 158
84769138 icq

It only takes me 30-60 seconds to whack off;)

look this...
http://ccbillcrash.clickmyporn.com/


don't kill me it's not spam

:ak47: :pimp

Uh, oh! :waaaaahh

:)

The system has been updated, and the problem is now fixed.

Again, anyone that would like to contact me directly please feel free to call or icq.

888 906 0666 ext. 158

84769138 icq

Thanks!

Confirmed.... I have CCBill custom forms, and it does not work on mine. However, I did get an email a few days ago from a guy who tried to sign up and said his password only worked for 45 min or so. He never did actually sign up until yesterday, so it must have been the case until they now fixed it. Thanks CCBill!, and thanks to ATX_Soldier for posting this.

It don't be do workin on mine

If you want to do yourself a favor remove the confirmation screen regardless and use the ccbill user/pass generator. They dont get the user/pass until they have been charged and they cant pick stupid usernames like "qwerty" or "asdfg".

I know some other webmasters probably wonder if the random user/pass generator bothers members - the answer for me has been "no" they do not. In fact, nobody has ever complained once and password theft is mostly a dead issue for us now.

Sean's a Pimp.... :pimp

...congrats on making the cover of Klixxx! Looking forward to partying in August :winkwink: