|
Title: Bug in blockchain.info, can be used for phishing Post by: rme on March 01, 2013, 01:57:25 PM Hi!
To all BlockChain.info developers (@piuk and so), I've just found a bug in the BlockChain.info Tag System, someone can just tag any address that he dont own and everybody will that open the blockchain.info address link will see it, (also is possible to include links). Proof of Work: (Look near the green arrow) http://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM http://blockchain.info/address/1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF http://blockchain.info/address/16cou7Ht6WjTzuFyDBnht9hmvXytg6XdVT How to insert text + link in someones bitcoin address page (at blockchain.info): 1.- Go to http://pastebin.com/ and paste the address, copy the given link 2.- Go to http://blockchain.info/tags and fill the form: Address: Target_Bitcoin_Address Tag: Your mensage (it will be shown publicly) Link: Pastebin link 3.- Go to http://blockchain.info/address/Target_Bitcoin_Address and view your Tag. No confirmation is required, see that the proof-of-work links are very famous addresses. My bitcoin address (if someone wants to tip me): BTC 1R2sWeVhFitB8zVbkrmdSoXzaQRsw6cfh ;) Thanks and keep improving Blockchain.info, the best online-wallet ever. Title: Re: Bug in blockchain.info, can be used for phishing Post by: rme on March 01, 2013, 03:16:40 PM Someone (maybe blockchain.info admin) is flushing recent Tags.
Title: Re: Bug in blockchain.info, can be used for phishing Post by: piuk on March 01, 2013, 03:23:33 PM Someone (maybe blockchain.info admin) is flushing recent Tags. tags are moderated, sometimes slowly. Title: Re: Bug in blockchain.info, can be used for phishing Post by: rme on March 01, 2013, 03:25:18 PM Someone (maybe blockchain.info admin) is flushing recent Tags. tags are moderated, sometimes slowly. There is still a bug that allows someone to change tags randomly |