cryptsy

[r3wt]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

[sgk]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

But it is open-source now, so these vulnerabilities will be easy to find and fix.

[okae]

ty @crypto-maniac for this open source code, i really apreciate it, TY!!

[bitvestor]

This is great and its opensource, really appreciated and i feel bad that your original dream for this was kicked away because of laws and trust when you decide to sell and make profit for your time and effort..

For those asking about security and so on, its opensource now so get yourself to work if you actually need it..

[r3wt]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

But it is open-source now, so these vulnerabilities will be easy to find and fix.

Yeah, but it still won't scale and its still succeptible to other vulnerabilities.

[Crypto-Maniac]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run  scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET  to $POST

[mistercoin]

Amazing. I still have to crawl through the code to see if it truly is malware-free and not an attempt to harm, but if you honestly did release this Open source and clean to us, a lot of people could take a lesson from you as this is no small feat.

Thank you.

[mistercoin]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run  scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET  to $POST

I will clean up some of the security holes and submit pull requests if you would like me to?

[r3wt]

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run  scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET  to $POST

Looking through your source code, i found many of the same vulnerabilities that were in the original OpenEx scripts that i cowrote(In fact, some of the code is copied directly from OpenEx source code). To put it into perspective, i had no idea what i was doing back then(first experience with programming, delusional about my abilities). I do now:

https://github.com/OpenExLLC/web   -- No Release candidate yet
https://github.com/OpenExLLC/live    --0.1 Release
https://github.com/OpenExLLC/mail  -- Release Candidate is untested


This exchange will be scalable, secure, and just generally awesome. If anyone wants to join this effort, you're more than welcome to. There are other components to the system, however these are the only ones i've made public at this time, Mostly because some are yet to be implemented or are waiting on other things to be completed so they can be tested.

[Crypto-Maniac]

Thx you R3wt of course i will accept your your pull request

[tyz]

Has someone already installed the script? Is it working the way the creator is promising?

[diddledum]

I would like to have this running on my site if there are no backdoors

I would appreciate some help from anyone to get this on a domain if all is ok

[alwinlinzee]

This is not an open source entirely because someone still need to pay 0.50btc to activate it to full version which include voting and chatting stuffs but is that price negotiable and do you offer free installations?

[tyz]

Well, i would still like to know if someone installed and run the script in production?

Has someone already installed the script? Is it working the way the creator is promising?

[Pab]

 Hi ,thank you
i will let know some honest people about your work,ifanybody will be intersted in to run exchange,i will let you know.You really deserve to get some money,maybe in some future will be possible to make a kind of decantrelised ,secure exchange on that base

[Pab]

Hi ,thank you
i will let know some honest people about your work,ifanybody will be intersted in to run exchange,i will let you know.You really deserve to get some money,maybe in some future will be possible to make a kind of decantrelised ,secure exchange on that base

Your link is showing not found,i sent you pm

https://github.com/crypto-maniac/Cryptsy-Clone

[tyz]

I know it some time ago of you post but could you point to the files and lines where you find these vulnerabilities?

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

[Yofun]

Hey OP? link to source code is broken?

[tyz]

Yeap, it seems he took it offline. Maybe too much security holes and flaws in the script.

Hey OP? link to source code is broken?

[SparkedDev]

If anyone has the files and are willing to work with us we would be happy to fix the code a push an updates with no holes.