Latest posts of: GameMaker

Show Posts
Pages: [1]

Other / Archival / nevermind

on: March 10, 2023, 09:00:23 PM

-

on: February 12, 2023, 10:54:21 AM

Sent you an email. Check it before launching with live currencies

on: September 24, 2022, 05:38:13 PM

Quote from: Coin_trader on September 24, 2022, 03:19:11 PM And also you made a warning message here after you report the bug to the admin. Meaning that they are already aware and probably fixed so your warning here is already not valid. Your negative comment is an obvious retaliation for not paying to your volunteer service. I'll post warning messages no matter what. Wintomato paid me for the data leakage vulnerability, and I still let people know about it (Check my post history). The reason for posting warning messages is to let people (Customers) know that they fucked up, and that it might happen again.

on: September 24, 2022, 01:16:45 PM

Quote from: euphoriabet on September 24, 2022, 12:15:34 PM leaving a bad review by not playing on the site just because you were not paid a reward for pointing out a bug is ridiculous, no one forced you to do it, you did it voluntarily I totally agree that leaving a bad review just because I wasn't paid isn't fair. The point of my review is to let potential customers know that a bug has been found (And fixed), and that their funds might not be safe. The reason I'm saying their funds might not be safe, is due to how easily I found the vulnerability. If a malicious actor had found the vulnerability (And not me), then they could've slowly stolen your bankroll over time, and users wouldn't be able to withdraw what they'd won. That said, I welcome you to the gambling scene. Pro tip; Start a bug bounty program. Paying people to find bugs is a lot better than people finding bugs and exploiting them. Also, make the roulette provably fair

on: September 24, 2022, 11:14:05 AM

This website is the least secure one I've ever seen. After finding a serious vulnerability, I reported it to their team. I obviously can't expect bug bounty rewards when the website doesn't have such a program, but this is the first website I've ever bug hunted on that didn't pay ANYTHING. The vulnerability made me able to generate infinite USDT+BTC. My advice is to avoid this site. You could easily lose your crypto due to a malicious actor (If the site bankroll is cleaned).

on: June 18, 2022, 04:37:59 PM

Quote from: wintomato on June 13, 2022, 02:47:27 PM It is impossible some one to steal this information; Mails, IP addresses and other private data are hashed and saved with all security standards; Just gonna start off by saying that this is a blatant lie (Passwords might be hashed/encrypted, but E-mails, IP addresses and other basic information is not)... I've told your support team & a moderator about the endpoints with information leaks, and they've all told me that they've let higher ups know. I see that one endpoint has been fixed, but that's just one out of multiple... I've messaged you on-site, and I need a reply within 1-2 hours or I'll be gone for 7 days again.

on: June 03, 2022, 05:18:33 PM

Apparently messaging support didn't make the admins/devs fix this, so I'll just throw it out there. Wintomato is leaking user information through their API; and despite being told exactly what part of the API does this, they've done nothing about it. The information leaked is honestly not the biggest deal in the world (2FA status, Email, IP, other shit), but it breaks shit such as GDPR etc. All this shows is bad development, and that they have no sense of what is important.

Pages: [1]