Bitcoin Forum
Author Topic: Look for bugs in website  (Read 1032 times)
Robertt (OP), Member (Activity: 112, Merit: 10)
January 22, 2016, 11:49:44 AM, #21

>>> Password is sent in plaintext when logging in - this isn't very good.
>>>
>>> Password should be hashed client side and only the hash sent.
>>
>> Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext, although I'm pretty sure it isn't. How'd you find that?
>
> You can see the POST request to login.php here: https://i.imgur.com/PAJUukQ.png
>
> Look at the form data sent - password is in plaintext.

Strange, I'm getting it as MD5.
I'll tighten it up on the new domain to a better encryption method.
What's your btc address?

-- all payments will be sent within 24 hours from now
TastyChillySauce00, Legendary (Activity: 2982, Merit: 1028)
January 22, 2016, 11:57:36 AM, #22

It would be better for you to give a demo account in the first post, because not all people want to sign up even if it only takes 5 minutes; just "demo" as user and password, simple but helpful.

Sigals, Member (Activity: 76, Merit: 10)
January 22, 2016, 12:00:50 PM, #23

>>>> Password is sent in plaintext when logging in - this isn't very good.
>>>>
>>>> Password should be hashed client side and only the hash sent.
>>>
>>> Actually, the password is hashed on my side. I'll look around the code and see if it's sent in plaintext, although I'm pretty sure it isn't. How'd you find that?
>>
>> You can see the POST request to login.php here: https://i.imgur.com/PAJUukQ.png
>>
>> Look at the form data sent - password is in plaintext.
>
> Strange, I'm getting it as MD5.
> I'll tighten it up on the new domain to a better encryption method.
> What's your btc address?
>
> -- all payments will be sent within 24 hours from now

1LYkfhN97MdEt74uWhmYmZ53KbJ4iFJBcs

I'm not seeing any JavaScript being loaded to hash the password client-side; you might want to check that.
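The check Sigals describes (look at the form data actually posted to login.php, and look at whether any script on the login page could have hashed it) can be scripted for your own site. This is an added example, not code from the thread; the POST body and login-page HTML below are constructed samples, and it only reports what the browser sends, not whether the server-side scheme is sound.

```python
import re
from urllib.parse import parse_qs

# Constructed sample capture (not from the thread): the form body of a POST to
# login.php and the HTML of the page that produced it.
CAPTURED_POST = "username=demo&password=hunter2&submit=Login"
LOGIN_HTML = """<html><body>
<form method="post" action="login.php">
  <input name="username"><input type="password" name="password">
  <input type="submit" value="Login">
</form></body></html>"""

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")
SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SCRIPT_SRC = re.compile(r"\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.IGNORECASE)


def classify_password_field(body, field="password"):
    """Return 'missing', 'md5-like' (32 hex chars) or 'plaintext' for the posted field."""
    values = parse_qs(body, keep_blank_values=True).get(field)
    if not values:
        return "missing"
    return "md5-like" if MD5_HEX.match(values[0]) else "plaintext"


def scripts_on_page(html):
    """External script URLs, plus '<inline>' for each inline script block."""
    found = []
    for attrs, _body in SCRIPT_TAG.findall(html):
        src = SCRIPT_SRC.search(attrs)
        found.append(src.group(1) if src else "<inline>")
    return found


def audit_login(body, html, field="password"):
    """Findings a site owner would want: plaintext credential, no hashing script."""
    findings = []
    verdict = classify_password_field(body, field)
    if verdict == "plaintext":
        findings.append(f"'{field}' is sent as plaintext in the POST body")
    if not scripts_on_page(html):
        findings.append("login page loads no JavaScript, so nothing can hash the password client-side")
    return findings


if __name__ == "__main__":
    for finding in audit_login(CAPTURED_POST, LOGIN_HTML):
        print("finding:", finding)
```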

mxnsch, Sr. Member (Activity: 471, Merit: 252)
January 22, 2016, 12:28:02 PM, #24

>> Hi Rob... basically I still didn't understand what you sell with the packages...
>> Daily Package / $3... for what?
>> No doubt the site isn't a scam, but it would be nice if you could explain to me (and others) what function your site has.
>> You sell "mining power" or what?
>> Thanks!
>
> It's an account generator. I would look for bugs myself but I'm not on a PC right now, so that limits my abilities.
> @mxnsch Thanks for that, the first two aren't really bugs but the last three I'll count. What's your btc address?

I have to insist: those first ones are bugs security-wise and shall be addressed following best practices to secure customer data.

Please keep your BTC, I am doing professional penetration tests and was just having fun during a 5-minute lunch break. If you pay me, this would feel like work *grin*

Cheers and best of luck
