|
btc_enigma
|
 |
April 20, 2015, 01:14:39 PM |
|
I can register with multiple emailids (sepearated by commas) in registration page
|
|
|
|
|
100bitcoin (OP)
|
|
April 21, 2015, 09:30:20 AM |
|
what is this? http://www.100bit.co.in/admin , let me know if this helpful. also maybe in 404 error page you should added text like " the page is not found " or something else Like every user ID, admin ID can be seen as well. That is no bug. 404 error page is already in place - www.100bit.co.in/error404.php |
|
|
|
|
|
|
100bitcoin (OP)
|
|
April 22, 2015, 05:56:35 PM |
|
User ID is not editable. It is unique for every user. If you forget your User ID, it is always in your email inbox. You have home button return to the user home page. Logo link is to return to the site's landing page. So, if you are logged in and click that logo, it'll always show you "You are already logged in". None of the above are bug. Thanks for trying anyway... |
|
|
|
|
MoonOfLife
|
|
April 23, 2015, 02:15:34 AM |
|
User ID is not editable. It is unique for every user. If you forget your User ID, it is always in your email inbox. You have home button return to the user home page. Logo link is to return to the site's landing page. So, if you are logged in and click that logo, it'll always show you "You are already logged in". None of the above are bug. Thanks for trying anyway... i think its a bug , because at other site doesnt like that here my address : 1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd if you want to send some BTC |
|
|
|
|
|
Albert Hamilton
|
|
April 24, 2015, 02:10:47 PM |
|
User ID is not editable. It is unique for every user. If you forget your User ID, it is always in your email inbox. You have home button return to the user home page. Logo link is to return to the site's landing page. So, if you are logged in and click that logo, it'll always show you "You are already logged in". None of the above are bug. Thanks for trying anyway... i think its a bug , because at other site doesnt like that here my address : 1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd if you want to send some BTCTo me, these do not appear to be bug. These are more of improvement suggestion... |
|
|
|
|
|
100bitcoin (OP)
|
|
April 26, 2015, 07:55:12 PM
Last edit: April 26, 2015, 08:35:06 PM by 100bitcoin |
|
I can register with multiple emailids (sepearated by commas) in registration page
This one is expected to be fixed now. Please check at your end and let us know. Also, please provide your bitcoin address for a small bounty. |
|
|
|
|
MoonOfLife
|
|
April 27, 2015, 06:12:35 AM |
|
suggestion
> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________
for bug .. i think its doesnt bug in your site again
_______
ask
03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA
what is that it show up after in password after write captcha your site say " please copy this ... "
|
|
|
|
|
|
GiocareHost
|
|
April 27, 2015, 09:42:04 AM
Last edit: April 27, 2015, 02:39:55 PM by GiocareHost |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC
|
|
|
|
|
CoinFriend
Sr. Member
 Offline
Activity: 266
Merit: 250
support.
|
|
April 27, 2015, 06:08:01 PM |
|
hey admin, why do you have two different threads? why is no information about the BETA status on your website? and why do you provide so less information about your site. why you didn't answer my questions personally on the other thread? https://bitcointalk.org/index.php?topic=985796.0 |
|
|
|
|
Victor Beckham
|
|
April 27, 2015, 06:17:36 PM |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC
LoLz... according to OP, you may get up to 0.1 BTC. It is not 0.1 BTC per bug. Check about the others who got paid before you. They found more bugs than you have found. |
|
|
|
|
|
|
100bitcoin (OP)
|
|
April 27, 2015, 10:12:32 PM |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC
Please note that, maximum payment you may receive is 0.1 BTC and you need to provide explanation of your bugs. We have sent you PM regarding this. |
|
|
|
|
100bitcoin (OP)
|
|
April 27, 2015, 10:19:49 PM |
|
suggestion
> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________
for bug .. i think its doesnt bug in your site again
Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug. ask
03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA
what is that it show up after in password after write captcha your site say " please copy this ... "
Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser. |
|
|
|
|
100bitcoin (OP)
|
|
April 27, 2015, 10:29:01 PM |
|
hey admin, why do you have two different threads? why is no information about the BETA status on your website? and why do you provide so less information about your site. why you didn't answer my questions personally on the other thread? https://bitcointalk.org/index.php?topic=985796.0Extremely sorry for the delay. We were little busy in providing support on the site. We have replied to you in the Active Trader thread as well. This one is for bug bounty. So, there are 2 different threads. Thank you for your interest.  |
|
|
|
|
MoonOfLife
|
|
April 28, 2015, 01:31:11 AM
Last edit: April 28, 2015, 01:51:58 AM by MoonOfLife |
|
suggestion
> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________
for bug .. i think its doesnt bug in your site again
Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug. ask
03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA
what is that it show up after in password after write captcha your site say " please copy this ... "
Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser. sorry i forget screenshot browser :UcBrowser [ mobile browser ] and can u add : > converter btc to any currency > and currency BTC to $ graph i will very thx if you donate me / pay me for some btc 1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd |
|
|
|
|
|
Albert Hamilton
|
|
April 28, 2015, 10:53:21 AM |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt. |
|
|
|
|
CoinFriend
Sr. Member
Offline
Activity: 266
Merit: 250
support.
|
|
April 28, 2015, 11:43:00 AM |
|
hey admin, why do you have two different threads? why is no information about the BETA status on your website? and why do you provide so less information about your site. why you didn't answer my questions personally on the other thread? https://bitcointalk.org/index.php?topic=985796.0Extremely sorry for the delay. We were little busy in providing support on the site. We have replied to you in the Active Trader thread as well. This one is for bug bounty. So, there are 2 different threads. Thank you for your interest. thanks for reply. I am a little bit confused now. I don't understand why you didn't offer the same reward for the active traders, for finding bugs. Does someone who is active not deserve a reward if he found something wrong? And why is there no information / link about the other thread on each? Are this both really the only two? Or is there also one where you explain how your site works and what i can do with your site? I like to know this information before i fill out register form on a site! And yeah, i understand that you must be busy if you have to manage two threads to support your site^^ Later i have look what you reply in the Active Trader thread as well... |
|
|
|
|
GiocareHost
|
|
April 28, 2015, 02:21:29 PM |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt. They have a basic Plan of cloudflare,which couldn't protect them if I use iframe. |
|
|
|
|
|
Albert Hamilton
|
|
April 28, 2015, 03:34:02 PM |
|
I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt. They have a basic Plan of cloudflare,which couldn't protect them if I use iframe. mode is available under free plan only. Moreover they initially had a CAPTCHA on the home page as well as you'll find in the screenshot in OP. May be they are not using it right now for some reason... |
|
|
|
|
|
