Bitcoin Forum
Author Topic: Chinese Bitcoin exchange chbtc has a basic vulnerability; hackers can maliciously wipe out all of a user's coins  (Read 431 times)
eosethbtc (OP)
Newbie
Activity: 3
Merit: 0
September 01, 2017, 04:17:19 PM
Last edit: September 03, 2017, 02:48:12 AM by eosethbtc
 #1

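See this article from this WeChat official account. In principle, a vulnerability as basic as CSRF should not exist, yet chbtc has not patched it. I just looked at their website in developer mode, and it is indeed as the article describes; the article just doesn't name chbtc.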

https://mp.weixin.qq.com/s?__biz=MzI5NTc4OTQ4Nw==&mid=2247483872&idx=1&sn=62964b16729ca99e31cecd915f93d144&chksm=ec4f7720db38fe368f444b21bb412c17ab66f0847b7b850ac9ff6dfe93b223957ab9f6840a4f#rd


taidulvseh78044
Sr. Member
Activity: 438
Merit: 250
September 01, 2017, 08:02:00 PM
 #2

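That's very dangerous. Luckily I rarely trade on CHBTC. It feels like trading platforms are where things most easily go wrong these days; if you have coins, it's safer to keep them in your own wallet.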
eosethbtc (OP)
Newbie
Activity: 3
Merit: 0
September 03, 2017, 02:47:43 AM
 #3

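That's very dangerous. Luckily I rarely trade on CHBTC. It feels like trading platforms are where things most easily go wrong these days; if you have coins, it's safer to keep them in your own wallet.

Yes, and it still hasn't been fixed so far.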
Mr.K
Member
Activity: 81
Merit: 10
September 12, 2017, 01:28:52 AM
 #4

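Thank you all for your attention to chbtc! Regarding the issue raised by the original poster, we would like to clarify here:
1. This is a minor issue from the past, and protection has already been put in place;
2. The precondition for this issue is that the user themselves visits a virus website page and clicks a link on the virus website; it does not mean an attacker can launch it at will against arbitrary users. We also remind everyone to keep the browser used for financial operations separate from the browser used for ordinary web browsing, or simply not to visit unsafe websites on that computer;
3. Even if one might be affected by this issue, the execution price is the market price, not the floor price given in the rumors;
4. This kind of issue is a front-end referencing issue caused by cross-origin access when the same browser visits different websites; it is not a back-end service vulnerability, its impact is limited, and most websites have not taken preventive measures.
5. Thank you all again for your support and attention.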
herehero
Full Member
Activity: 124
Merit: 100
September 12, 2017, 01:30:12 AM
 #5

You have to follow the "买买提" (buy, buy, withdraw) principle.
scutzhang
Member
Activity: 126
Merit: 10
September 12, 2017, 03:49:09 PM
 #6

The risk with exchanges is still quite high.
