He blind hacked it in minutes without source access, so I am offering the bounty for the same thing. td204 is right in that I am using that 3rd party form for logins, so you can look for it and see the source.
Did you get my PM? It's not the 3rd party part, it's (at least) your custom save script.
|
|
|
Well... the form is vulnerable to XSS (and screenshot looks like, too) as single quotes in inputs are not escaped... but that alone would not gain him database credentials. Did he really modify some files or only make it look like they were modified? Can you provide the PHP source code? A code review would be easier than blind guessing. Proof for XSS: enter as user (or pass) and click on the input field afterwards. Could also be used in a similar way to inject images/html code into the website or steal cookies.
|
|
|
guess nobody has faith in bfl any more
|
|
|
*bump* 100x 0.002 BTC promo:
|
|
|
Choose your grid size, then walk through the minefield by clicking a square in the highlighted row. Make a safe choice, and Bitcoins are yours. Claim them or choose a square from the next row for an even bigger payout. Step on a mine, and it's KABOOM!
|
|
|
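echo '<tr><td><div class="btn-group"> <button class="btn dropdown-toggle" data-toggle="dropdown"> '.$r['id'].' <span class="caret"></span></button> <ul class="dropdown-menu">';
// Look up the messages for this row; the id is escaped before it goes into the query.
// Note: $r (the current row) is overwritten by the query result here.
$r = mysql_query('SELECT msg FROM b WHERE ID="' . mysql_real_escape_string($r['id']) . '"' );
// Each message is HTML-escaped on output.
while ($d = mysql_fetch_assoc($r)) {
    echo '<li> '. htmlspecialchars($d['msg']) .' </li>';
}
echo '</ul> </div></td></tr>';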
? 1PcvEYS54SggtN49n57T2K3cpss3D7xpWp
|
|
|
There are too many possibilities for abuse (spam, (d)dos, bitcoin-mining ...), too much administrative work and too few opportunities to earn money (where to put ads if there is no webserver on that virtual machine) so I don't think anyone would offer a vps for free.
|
|
|
rU8MYQwiFHSvygzB8bqauxvUp5FeVrvpj4
|
|
|
Traded a total of 500 USD amazon giftcodes, I sent first, everything fine. thx a lot
|
|
|
I'm missing satoshi-karoshi in that list
|
|
|
It should work with PayPal, I used vanilla visa with PayPal before, google instructions.
None of those instructions worked for me. Anyways... managed to buy amazon gift codes which I also have no use for, but guess they are much more convenient than these f... visa gift cards. So now I have 5x $100 amazon gift codes for sale. Buy it now for $90 each (BTC equivalent mtgox rate).
|
|
|
Bought this at bitmit and found out it doesn't work with paypal or moneybookers so it's really useless for me. 500 USD gift card, virtual card, so I'll send number, expiration and cvv by pm/email only. Balance can be checked online at vanillavisa.com
|
|
|
Your font is being blocked by Google Chrome. In the URL, replace 'http://' with '//'; the browser will then intelligently choose http/https
Fixed. Thanks a lot
|
|
|
Hey there! I've had some issues with your site, your site took more bets than I placed. I placed 0.001 and sometimes it just tripled that randomly upon loss.
Which should not happen of course. If you tell me your accountId I'll be happy to look up the game and accounting logs.
|
|
|
Think I need new glasses. I'm wondering how you did solve that
|
|
|
|