Bitcoin Forum
Author Topic: [BETA] EXCHANGE.BYTECOIN.IN  (Read 3161 times)
Byte-Gox
Member
April 12, 2013, 12:40:45 PM
 #1

Good morning guys,

We are very happy to announce the release of the exchange (http://exchange.bytecoin.in)

It is still rough but the background is highly functional, but like in all betas, bugs are likely to show up.

Please use this thread to post all your feedback about the exchange and what changes/improvements you would like to see.

Enjoy!

Edit: IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance
Remember remember the 5th of November
Legendary
April 12, 2013, 12:44:10 PM
 #2

BTE<->BTC?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Byte-Gox
Member
April 12, 2013, 12:51:18 PM
 #3

Correct!
Walter Rothbard
Sr. Member
April 12, 2013, 12:58:00 PM
 #4

Fantastic!

Byte-Gox
Member
April 12, 2013, 01:26:41 PM
 #5

IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance
grc
Jr. Member
April 12, 2013, 02:08:51 PM
 #6

IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance

Trying to withdraw without any money gives a fatal error.

Also, I'd replace "username doesn't exist" and "incorrect password" with a less revealing message like "invalid username/password combination", but that's just me being fussy.

grc
Jr. Member
April 12, 2013, 02:55:57 PM
 #7

DO NOT USE THIS SITE YET

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since there are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.

Remember remember the 5th of November
Legendary
April 12, 2013, 03:17:08 PM
 #8

DO NOT USE THIS SITE

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since there are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.

Best way to fix CSRF is to use POST more (with some hidden randomly generated tokens) for most stuff, and fewer GET requests with dynamic data.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
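
A sketch of the fix suggested in the post above (state changes only over POST, each carrying a hidden random token tied to the session), added here as an example; it is not the exchange's code. The route names, the `handle` function and the session ids are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # server-side secret, never sent to the browser
# Hypothetical route names for the actions listed in the post above.
STATE_CHANGING = {"/logout", "/order/new", "/order/cancel", "/withdraw"}

def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id: str) -> str:
    """Random token for a hidden form field, bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_is_valid(session_id: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce:
        return False
    # Constant-time comparison of the submitted MAC against the expected one.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())

def handle(method: str, path: str, session_id: str, form: dict) -> int:
    """Return the HTTP status for a request that carries a valid session cookie."""
    if path in STATE_CHANGING:
        if method != "POST":
            return 405   # a GET (link, image tag, redirect) must never change state
        if not token_is_valid(session_id, form.get("csrf_token", "")):
            return 403   # the cookie alone does not prove the site's own form sent this
    return 200

if __name__ == "__main__":
    sid = "sess-alice"   # constructed session id
    token = issue_csrf_token(sid)
    # Constructed requests: the first three lack a token valid for this session.
    print(handle("GET", "/withdraw", sid, {}))
    print(handle("POST", "/withdraw", sid, {"address": "ADDR", "amount": "0.5"}))
    print(handle("POST", "/withdraw", sid, {"csrf_token": issue_csrf_token("sess-other")}))
    print(handle("POST", "/withdraw", sid, {"csrf_token": token, "address": "ADDR"}))
```
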
crazy_rabbit
Legendary
April 12, 2013, 03:25:31 PM
 #9

DO NOT USE THIS SITE

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since there are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.

Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

more or less retired.
grc
Jr. Member
April 12, 2013, 03:30:00 PM
 #10

Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.

Byte-Gox
Member
April 12, 2013, 03:31:23 PM
 #11

Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.

How much did you lose?

Post your address
grc
Jr. Member
April 12, 2013, 03:34:47 PM
 #12

Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.

How much did you lose?

Post your address

Not much at all. I just used a tiny bit while testing and lost almost most of it, so I wanted to warn others. I apologise if I was rude about it before.

saigo
Full Member
April 12, 2013, 03:47:08 PM
 #13


seems I have an emerald to sell - https://bitcointalk.org/index.php?topic=174455.20

Saigō Takamori : ( 1828 – 1877) was one of the most influential samurai in Japanese history. He has been dubbed the last true samurai.
brie
Full Member
April 12, 2013, 04:47:31 PM
 #14

DO NOT USE THIS SITE YET
It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

I have an easy solution for the exchange to fix the biggest problem there.

Simply allow users to lock their payment address.

My Bytecoin P2Pool: http://limitedloot.org:6327
Rubberduckie
Legendary
April 12, 2013, 06:34:36 PM
 #15

Good morning guys,

We are very happy to announce the release of the exchange (http://exchange.bytecoin.in)

It is still rough but the background is highly functional, but like in all betas, bugs are likely to show up.

Please use this thread to post all your feedback about the exchange and what changes/improvements you would like to see.

Enjoy!

Edit: IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance

nice work Sir

Rubberduckie
Legendary
April 12, 2013, 07:25:20 PM
 #16

Deposits and payouts work fine

jhd
Member
April 12, 2013, 09:17:05 PM
 #17

Thanks for it, I'll try it soon

Litecoin Lottery, Litecoin Roulette : http://www.coinpixel.com
Byte-Gox
Member
April 12, 2013, 09:34:24 PM
 #18

Welcome guys!
blastbob
Hero Member
April 12, 2013, 10:05:12 PM
 #19

I am buying 3750 BTE! fill my order please.

Psst.. Got Ether?
dust
Hero Member
April 12, 2013, 11:06:40 PM
 #20

DO NOT USE THIS SITE YET
It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

I have an easy solution for the exchange to fix the biggest problem there.

Simply allow users to lock their payment address.

The correct solution is to protect against all CSRF attacks.

I also recommend avoiding this site completely until this critical issue is fixed.  Any site you visit in the same browser could steal your entire balance with absolutely zero interaction from you.
EDIT: FIXED

Funny, the first thing I thought of after seeing this site was "it is probably vulnerable to CSRF".

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U