Bitcoin Forum
Author Topic: The Chinese Bitcoin exchange chbtc has an elementary vulnerability; hackers can maliciously empty all of a user's coins  (Read 431 times)
eosethbtc (OP)
September 01, 2017, 04:17:19 PM
Last edit: September 03, 2017, 02:48:12 AM by eosethbtc
 #1

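See this article from this WeChat official account. In principle, a vulnerability as basic as CSRF should not exist, yet chbtc has not patched it. I just looked at their website in developer mode, and it is indeed exactly as the article describes; the article just does not name chbtc.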

https://mp.weixin.qq.com/s?__biz=MzI5NTc4OTQ4Nw==&mid=2247483872&idx=1&sn=62964b16729ca99e31cecd915f93d144&chksm=ec4f7720db38fe368f444b21bb412c17ab66f0847b7b850ac9ff6dfe93b223957ab9f6840a4f#rd


taidulvseh78044
September 01, 2017, 08:02:00 PM
 #2

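That's very dangerous. Luckily I rarely trade on CHBTC. I feel that trading platforms are what's most likely to have incidents these days; if you have coins, it's still safer to keep them in your own wallet.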
eosethbtc (OP)
September 03, 2017, 02:47:43 AM
 #3

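Quote: That's very dangerous. Luckily I rarely trade on CHBTC. I feel that trading platforms are what's most likely to have incidents these days; if you have coins, it's still safer to keep them in your own wallet.

Yes, and it still hasn't been fixed so far.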
Mr.K
September 12, 2017, 01:28:52 AM
 #4

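Thank you all for your attention to chbtc! Regarding the issue raised by the original poster, we would like to clarify the following here:
1. This issue was a minor issue from the past, and protection has already been put in place;
2. The precondition for this issue is that the user themselves visited a virus website page and clicked a link on the virus website; it does not mean that an attacker can launch it at will against any user. We also remind everyone here that the browser used for financial operations should be kept separate from the browser used for ordinary web browsing, or the computer should simply not visit unsafe websites;
3. Even if someone were affected by this issue, the execution price would be the market price, not the rock-bottom price given in the rumors;
4. This kind of issue is a front-end referencing issue caused by cross-origin access when the same browser browses different websites; it is not a back-end service vulnerability, its impact is limited, and most websites have not taken preventive measures.
5. Thank you all again for your support and attention.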
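
The cross-site request discussed in this thread is usually stopped on the server, by rejecting state-changing requests that lack a same-origin Origin/Referer and a session-bound token. An added sketch of that check, not code from chbtc or from any poster; `exchange.example`, the function names and the `csrf_token` form field are assumptions:

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for illustration: placeholder origin, hypothetical names.
TRUSTED_ORIGIN = "https://exchange.example"
SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients


def issue_csrf_token(session_id):
    """Session-bound token the site embeds in its own order/withdraw forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(value):
    """True only if an Origin/Referer value has the trusted scheme and host."""
    if not value:
        return False
    parts = urlsplit(value)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_state_changing_request(method, headers, session_id, form):
    """Return (allowed, reason) for a request that would trade or withdraw."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return False, "state changes are not accepted over safe methods"
    if not same_origin(headers.get("Origin") or headers.get("Referer")):
        return False, "cross-site or missing Origin/Referer"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "session-abc"  # constructed sample session id
    good = {"csrf_token": issue_csrf_token(sid)}
    # Constructed requests: the site's own form, then a form on another site
    # that the browser submits with the user's session cookie attached.
    print(check_state_changing_request(
        "POST", {"Origin": TRUSTED_ORIGIN}, sid, good))
    print(check_state_changing_request(
        "POST", {"Origin": "https://other-site.example"}, sid, {}))
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of this server-side check.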
herehero
September 12, 2017, 01:30:12 AM
 #5

You have to follow the "buy, buy, withdraw" (买买提) principle.
scutzhang
September 12, 2017, 03:49:09 PM
 #6

Exchanges still carry quite a lot of risk,
