Bitcoin Forum

Economy => Investor-based games => Topic started by: binary00 on December 19, 2017, 02:28:40 PM



Title: https//BitPlanet.online - 5% to 12% daily forever, 3 commission LVLs 5%-3%-1%
Post by: binary00 on December 19, 2017, 02:28:40 PM
BITPLANET.ONLINE is a new investment HYIP program

Statistics:
- 2 days online
- Earn 5%, 10% to 12% daily
- 3 commission LVLs 5-3-1%
- UK registered company #10791777
- SSL

Address: https://BITPLANET.ONLINE


Contact: Form or admin@bitplanet.online
Company address: London Data Cabling, 4-8 Sutton Street, London, England, E1 0BB


Description on website:
"Welcome to the website of Crypto Currency Investment Limited! Our investment platform is a product of careful preparation and fruitful work of experts in the field of Bitcoin mining, highly profitable trade in cryptocurrencies and online marketing. Using modern methods of doing business and a personal approach to each client, we offer a unique investment model to people who want to use Bitcoin not only as a method of payment, but also as a reliable source of stable income. Bitplanet.online business uses only modern mining equipment and trades at the most stable markets, which minimizes the risk of financial loss to customers and guarantees them a stable income accrued every calendar day."


Title: Re: https//BitPlanet.online - 5% to 12% daily forever, 3 commission LVLs 5%-3%-1%
Post by: MicroCode on December 19, 2017, 09:19:46 PM

Pretty bad, I must say. Not only does the design look horrible, but the script is also bugged.
For example:

Link: https://bitplanet.online/login
You can send data like this using POST Method: 12345'"\'\");|]*{%0d%0a<%00>%bf%27'?#?#
You will get the following Error:

https://puu.sh/yJWaf/95f93eda08.png

This can be manipulated into disclosing sensitive information.

You can also notice that this is using a vulnerable jQuery version (1.9.2): https://bitplanet.online/phpmyadmin/js/jquery/jquery-ui-1.9.2.custom.min.js
This is vulnerable not only to XSS Attacks, but can also disclose sensitive information.
More information about this specific vulnerability: https://zerobitsecurity.wordpress.com/2015/11/15/xss-vulnerability-on-_attachdatepicker-function-in-jquery-ui-1-9-2/
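
Added example, not part of either post: a site owner's regression check that scans an HTTP response body from their own login page for the two problems raised above, verbose error output and a script include for the jquery-ui 1.9.2 file under /phpmyadmin/. The error signatures are assumed (common PHP/MySQL message formats, since the post shows the error only as a screenshot), the function and constant names are hypothetical, and both sample responses are constructed.

```python
import re

# Assumed signatures of verbose PHP/MySQL errors; extend for your own stack.
ERROR_SIGNATURES = {
    "php_error": re.compile(
        r"(?:Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s.*?\bon line\b",
        re.I | re.S),
    "sql_error": re.compile(r"SQLSTATE\[|You have an error in your SQL syntax", re.I),
    "stack_trace": re.compile(r"#\d+ \S+\.php\(\d+\)"),
}
SCRIPT_SRC = re.compile(r"""<script[^>]+src=["']([^"']+)["']""", re.I)
UI_VERSION = re.compile(r"jquery-ui-(\d+(?:\.\d+)+)", re.I)
FLAGGED_UI_VERSIONS = {"1.9.2"}  # the version named in the post; extend from advisories
ADMIN_PATHS = ("/phpmyadmin/",)  # admin tooling that should not be publicly reachable

# Constructed sample: a login response that leaks error detail and loads the old script.
SAMPLE_LEAKY = (
    "<b>Warning</b>:  mysqli_query(): (HY000/1064) in <b>/srv/app/login.php</b>"
    " on line <b>42</b><br />\n"
    "You have an error in your SQL syntax; check the manual\n"
    '<script src="/phpmyadmin/js/jquery/jquery-ui-1.9.2.custom.min.js"></script>'
)
# Constructed sample: the same failure handled with a generic message and a log reference.
SAMPLE_CLEAN = (
    "<p>Login failed. Reference: 7f3a</p>\n"
    '<script src="/static/js/app.js"></script>'
)


def audit_body(body):
    """Return a sorted list of findings for one response body from your own site."""
    findings = set()
    for name, pattern in ERROR_SIGNATURES.items():
        if pattern.search(body):
            findings.add("verbose-error:" + name)
    for src in SCRIPT_SRC.findall(body):
        match = UI_VERSION.search(src)
        if match and match.group(1) in FLAGGED_UI_VERSIONS:
            findings.add("outdated-jquery-ui:" + match.group(1))
        if any(path in src.lower() for path in ADMIN_PATHS):
            findings.add("admin-path-exposed:" + src)
    return sorted(findings)


if __name__ == "__main__":
    for label, body in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print(label, audit_body(body))
```

An empty list for the malformed-input case means the handler returned a generic message; the detail belongs in the server log, keyed by the reference shown to the user.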