Jump to content

Agora Marketplace Cross Site Request Forgery

Recommended Posts

Ladies and gentlemen
Boys and girls
It come to our attention that a brave warrior for the people Ross
William Ulbricht was unlawfully convicted by the corporation known as
the American government.

This mockery of justice has not gone unnoticed.

In order to protect the next generation of darknet markets we will be
disclosing vulnerabilities for these sites in order to make these
sites safer from attack.

To start, the Agora Marketplace contains a CSRF vulnerability which
can be used to drain a victim account of all of their Bitcoins. The
following URLs can be used to perform this attack:

URL to start PIN reset:

URL to change current PIN:

URL to send bitcoins using the new pin:

These are all GET requests and don't require JavaScript to work.
NoScript cannot save you from poor coding practices.

There will be more to come. Stay safe. Stay anonymous.

-The Guardians of Peace


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...