Change Email via http (just like account creation)

[Mainkill1]

I had some mules I want to verify but had no easy way to do it. Go figure its Very easy to find the method used by kabam.


realmofthemadgod.appspo*****m/account/changeEmail?guid=Email Here&password=Password Here&ignore=68541&newGuid=New or same email(to resend verify notice)


Figured I would put this out here because I have no real time to make a script and if people are able to, they can have there way with this.

The method used on the client is done via post(header) but get(url) is possible as well and thats what I have done here.

[Botmaker]

@Mainkill1 thanks for sharing this it's very Helpful, i'll make a program tomorrow and upload on mpgh

[75dragon]

@nilly @Botmaker how does this work?

[krazyshank]

Just wrote a simple c# app to mass verify my mules, thanks man.

[krazyshank]

Posted it here for anyone who is interested: https://www.mpgh.net/forum/599-realm-...sender-v1.html

[Mainkill1]

I noticed after I uploaded another PHP script to mass verify.
A program would be much better seeing how it is done by a client and has no time out problems. So thanks.

[JustAnoobROTMG]

curl -d "realmofthemadgod.appspo*****m/account/changeEmail?guid=Email Here&password=Password Here&ignore=68541&newGuid=New or same email(to resend verify notice)"

Not related to ROTMG :
I love curl. The fact it didnt respond to PHP Header:Location is a blessing
I wonder why people "protect" their PHP script by redirecting the client if not authentified but DONTstop the script execution using exit() or die()

[Mainkill1]

Not related to ROTMG :
I love curl. The fact it didnt respond to PHP Header:Location is a blessing
I wonder why people "protect" their PHP script by redirecting the client if not authentified but DONTstop the script execution using exit() or die()

I have seen some people fail extremely bad before but to load un-authorized page up is a failure. I intend to put my scripts users through alot of tests before they see anything, past that; They get a message telling them they failed to login and attempts to redirect them.

Also, I know alot of people like cURL and I just never found a use for it. PHP also does what you want so if I grab a webpage, it wont send me anything past the html. I even got to play with header manipulation to make a captcha forwarder that needed to send the captcha and php session id with it.

[BoxingClub]

Nice, But people can use this method for phishing purposes.

[Dragonlais]

I have one problem , you see I have acc who is verified but I don't know this email password , I am playing with it and If I forget acc password I can't get it back can i somehow change email? (I really need it)