Bitcoin Forum
November 19, 2024, 08:34:11 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 »
  Print  
Author Topic: BitShop - cryptocurrency shopping cart script [PHP/MYSQL] (v1.1.2)  (Read 74867 times)
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 19, 2015, 01:14:26 PM
Last edit: August 23, 2015, 05:37:58 AM by bitfreak!
 #621

I was recently made aware of a CSRF exploit in BitShop which could cause damage if the attack is successful. To prevent it from happening make sure you log out of the admin area when you're finished and be careful not to click any shady links while you're logged in as admin.

Technical details:

The way the exploit works is that the attacker will some how convince the admin to click a link while they are logged in as admin. The link will take the admin to a page on the attackers website. The page will contain some javascript which will submit a hidden form and post data to the BitShop script. Even though the post request is coming from a different domain the admin session will still be resumed because the request came from the web browser of the admin when they visited the attack page.

This is actually one of the attack vectors I didn't know much about up until now because I was never taught about CSRF attacks in my web development classes and I always assumed that it wouldn't be possible to resume a session so easily when the request isn't made locally but apparently I was mistaken. It seems quite ridiculous that it would work that way without any sort of safe guard. Anyway I'll include a patch for the exploit in the next release of BitShop because several files need to be edited.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 26, 2015, 10:20:14 AM
 #622

Waaaht!!!

hehe ok i will see kill my sessions after my work.
Coinbase have my acc banned  Shocked

Can i resell your Script on my page?
next question
Can I be your script on 2 sides of me to use or I have to buy again?

PS:
I plan a Web page where newcomers and to share advanced people. However, in the German area. If you feel like you have can indeed times over watching you since in my opinion a good PHP developer are.
SteamGamesBTC.com
Hero Member
*****
Offline Offline

Activity: 734
Merit: 507



View Profile WWW
August 26, 2015, 10:25:30 AM
 #623

Can i resell your Script on my page?
next question
Can I be your script on 2 sides of me to use or I have to buy again?

license.txt says:
Quote
SUMMARY:
-Can be used on 1 site, 1 server
-Source-code cannot be resold or distributed
-Commercial use allowed
-Can modify source-code but cannot distribute derivative works

SteamGamesBTC.com
> Automatic 24/7 bot: purchase any Steam game 20% cheaper with Bitcoin! <
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 26, 2015, 10:43:22 AM
Last edit: August 26, 2015, 06:50:52 PM by Pc3ooT
 #624

Can i resell your Script on my page?
next question
Can I be your script on 2 sides of me to use or I have to buy again?

license.txt says:
Quote
SUMMARY:
-Can be used on 1 site, 1 server
-Source-code cannot be resold or distributed
-Commercial use allowed
-Can modify source-code but cannot distribute derivative works

Yes that's why I ask the developer for a special right.

so I'll try it with self-smtp support installed.

//edit

What also would be a good thing I was not able to find what directories and FILES write permissions need
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 27, 2015, 09:15:51 AM
 #625

I was thinking about adding some sort of affiliate or reseller system but I wont get around to it for a while.

If you want to use BitShop on another website then you'll need to purchase BitShop again (get the one-time download).

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 27, 2015, 09:47:36 PM
Last edit: August 27, 2015, 10:03:21 PM by Pc3ooT
 #626

Ok thx its the self site

Ok, I have another question.
how can I find out why the Transactions feed is not loaded?

when it is empty shows that too.
But is what's inside is just feed charge and the hours

***Edit***
Screens
http://prntscr.com/89ny58

http://prntscr.com/89nynm

bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 28, 2015, 12:43:32 PM
 #627

So the feed wont load even when it's enabled and contains items? You do have javascript enabled right?

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 28, 2015, 05:53:15 PM
Last edit: August 28, 2015, 08:05:46 PM by Pc3ooT
 #628

Yes Javascript is global enabled. on my other Pages works Javascript normal
JQuery is loading
http://prntscr.com/89yo2l

http://prntscr.com/8a0aer
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 29, 2015, 02:09:31 PM
 #629

Well the feed seems to be working on my local installation so I'm not sure why it isn't working for you. I'll probably need to take a look at your website to figure it out.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 30, 2015, 10:08:20 AM
 #630

Ok the feed.php page isn't showing anything so that must be the problem. Seems like the /inc/rss.inc file cannot be read for some reason, I'm guessing it is a permission error. To answer your question about permissions, all the folders should be set to 755 and all the files should be set to 644 or 744. In some cases you might also need to make sure that the files which need to be written to are owned by apache, the easiest way to do that is to allow PHP to create those files. The files which need to be written to include /inc/rss.inc, /inc/email_body.inc, /inc/feat_ids.inc, and all the config and log files in the inc and sci folders (if you're able to change the settings from within the admin area then the config files must be writable).

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 30, 2015, 03:54:07 PM
Last edit: August 30, 2015, 04:23:44 PM by Pc3ooT
 #631

I have adjusted the right way. The browser type view-source: uri.
Then he showed me the contents. But on the home page simply nothing changes.
http://prntscr.com/8amk0t
the problem may lie on apache2 version 2.4?
http://prntscr.com/8amxcv
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
August 31, 2015, 07:25:22 AM
Last edit: August 31, 2015, 08:25:22 AM by bitfreak!
 #632

I had a closer look and it's actually an encoding problem causing the XML code to be invalid. Since you're using a language with unicode characters they are being encoded as html characters, which the rss feed doesn't seem to like. I'll upload a fixed version of BitShop shortly, I just want to fix one other bug first. For now you should be able to fix the feed by opening rss.inc and replacing all occurrences of &uuml; with ü.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 31, 2015, 08:44:58 AM
 #633

ohh yes its work now.
Ok i have change in my Language für to fuer.

ThX
Pc3ooT
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 31, 2015, 07:06:34 PM
 #634

A request I would have there also still for the next version.
Namely, the one in the admin area can change the account passwords!
Since I festellen now repeatedly had to my server not on web.de sends the mails.

With the SMTP server I've even not yet business is a little intricacies that Strucktur
smokey999
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
September 01, 2015, 07:36:45 PM
 #635

when i use default Gateway and send the bitcoin i get the follow error:

Status: Call to a member function query() on a non-object in /home/smokeyjo/public_html/lib/database.lib.php on line 146


http://prntscr.com/8bht3n


So what s wrong?
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
September 02, 2015, 11:25:36 PM
 #636

@smokey999: That error means a database connection was not established. You may have downloaded a buggy version of 1.0.7 before I fixed it. Try downloading BitShop again and replace your files. I am also going to release v1.0.8 within the next 24 hours and it will contain a few more bug fixes as well as a fix for the CSRF vulnerability, so you might want to just wait until I release the next version.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
September 03, 2015, 02:33:53 PM
 #637

Version 1.0.8 of BitShop has been released. It fixes a few bugs and CSRF vulnerabilities. It does not add any new features but it is highly recommended to apply this update as it will make BitShop more secure. Anyone with a BitShop key can download the new version in the client file area.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
SteamGamesBTC.com
Hero Member
*****
Offline Offline

Activity: 734
Merit: 507



View Profile WWW
September 03, 2015, 04:00:55 PM
 #638

@bitfreak! You rocks! PS. Update the title of thread. ;-)

SteamGamesBTC.com
> Automatic 24/7 bot: purchase any Steam game 20% cheaper with Bitcoin! <
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
September 03, 2015, 04:40:59 PM
 #639

@bitfreak! You rocks! PS. Update the title of thread. ;-)
Thanks for reminding me. I have also added a new screenshot since the old one was a bit outdated.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak! (OP)
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
September 04, 2015, 11:11:34 AM
 #640

@SteamGamesBTC.com: so have you updated BitShop to the latest version yet?

EDIT: Had a look at your website and you still seem to be running an old version. You really should update, the new version is better in almost every possible way.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!