Avoyel faggots got pwned!

[Herr Ruin]

Remember how these faggots talked about how 1337 they are and shit? Well, big surprise, turns out they are not. In fact they don't know shit about security. I managed to get into their site, sadly I didn't get their whole DB due to me being a lazy drunk fuck, but I managed to get the important Parts. I won't go into details how I managed to get in so they don't fix this when/if they are back but let me tell you this; I found at least 4 exploitable SQL Injections and the Database Dump contains Username/Password MD5s as well as logged User IPs.
If I see one more fucking DDOS, CP Spam I will release every cracked Password, every logged IP and what ever else I see fit and trust me there are real IPs of mods and users in the dump maybe due to being too lazy to use a VPN properly or just simple incompetence.
Proof with redacted SQLi:


BTW most of this was done via Smartphone, I didn't even need to boot up my workstation to own your shitty little forum

[aldra]

lol, sqli

[Proots]

Do it anyway.

[MoaningLisa]

hahaha win.

[starvingniglet]

Remember how these faggots talked about how 1337 they are and shit? Well, big surprise, turns out they are not. In fact they don't know shit about security. I managed to get into their site, sadly I didn't get their whole DB due to me being a lazy drunk fuck, but I managed to get the important Parts. I won't go into details how I managed to get in so they don't fix this when/if they are back but let me tell you this; I found at least 4 exploitable SQL Injections and the Database Dump contains Username/Password MD5s as well as logged User IPs.
If I see one more fucking DDOS, CP Spam I will release every cracked Password, every logged IP and what ever else I see fit and trust me there are real IPs of mods and users in the dump maybe due to being to lazy to use a VPN properly or just simple incompetence.
Proof with redacted SQLi:


BTW most of this was done via Smartphone, I didn't even need to boot up my workstation to own your shitty little forum

you kick ass 

[LOVE]

Great work. Can you probe IntoSanctuary for security flaws and assist in strengthening the defense?

Do it anyway.

Why throw it away?

Make an example of individual offenders as needed and leave the full leak and handover to relevant authorities. Work with Arnox for confirmation of matching IPs for active Avoyel participants and flag them here for M&A to see. Naming and shaming could be counterproductive and a breach of PI rules.

If it's not working, then unleash hell.

[Herr Ruin]

Do it anyway.

I might but let me finish cracking all the md5s first, I bet some Users were stupid enough to recycle their passwords. Motherfuckers dumb enough to go around claiming they are 1337 haXx0rs just because their lunch money was enough to rent a DDoS service tend to be this stupid...
Shit was too easy, this was done weeks ago and some users can verify my claims as they've gotten screenshots in advance

[Herr Ruin]

Great work. Can you probe IntoSanctuary for security flaws and assist in strengthening the defense?

Do it anyway.

Why throw it away?

Make an example of individual offenders as needed and leave the full leak and handover to relevant authorities. Work with Arnox for confirmation of matching IPs for active Avoyel participants and flag them here for M&A to see. Naming and shaming could be counterproductive and a breach of PI rules.

If it's not working, then unleash hell.

Of course I can but generally not without Arnox consenting.
I won't send shit to authorities but if I decide to publish the dump do as you please.
Matching IPs won't work in every case as there are multiple users using the same VPN Provider/IP at the same time, however it is entirely possible to identify users if you combine IP address and browser fingerprints for example but that's none of my business as far as this forum goes

[DOOM]

 win win

[Arnox]

Doesn't really matter for both their security flaws or mine.

Kind of doesn't matter for them because they've long abandoned that site I'm sure.

Doesn't matter for me because I fully admit I don't know very much at all about networking and can do very little programming. I'm pretty sure I couldn't fix the holes with my knowledge.

HOWEVER, I constantly make backups of the sites forum files and database. So I can restore everything at the click of a button no matter how bad things get.

[RisiR]

Herr Ruin, why does it say "Deutsch" at the bottom of your screenshot?

Are you a fellow Kraut?

[Herr Ruin]

Yup I'm from germany, not that my username gives it away or anything

[RisiR]

Ich schätz ma, dass dir ein bestimmtes Opiat sehr gut gefällt. Ist aber reine Spekulation meinerseits. 

Freut mich auf jeden Fall, dass ich nich der einzige Deutsche hier bin. Lass krachen.

[Satyr]

Oh my god, you're almost as 1337 haxxor as -Spectral.

Anyway, great job dude. Kudo's.

[Herr Ruin]

Nope kein Heroin für mich ich glaube ich hatte das hier schon irgendwann erwähnt, grundsätzlich bin ich Opiaten/opioiden gegenüber nicht abgeneigt aber nachdem ich mit Jahrelangen Tilidin dauerkonsum, wie nicht anders zu erwarten war, ordentlich auf die Schnauze geflogen bin habe ich kalt entzogen und nasche heut zu Tage nur noch 2-3 mal im Jahr. Witzig ausgerechnet hier jemanden aus .de zu treffen. Warst du auch schon auf zoklet/totse aktiv?

Außerdem um den Klischees gerecht zu werden:
Sauerkraut Kartoffeln Fräulein Stechschritt!