Bitcoin Forum
August 21, 2018, 07:16:31 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 »  All
  Print  
Author Topic: Start your Dice casino site! CoinDice 1.0 script [1.1 BTC]  (Read 23119 times)
TripleHeXXX
Full Member
***
Offline Offline

Activity: 176
Merit: 102


https://www.cryptopia.co.nz


View Profile WWW
February 10, 2014, 07:34:27 AM
 #61

Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non salted MD5 hashes Sad

    ★★★ Cryptocurrency Platform Services ★★★
Exchange | Mineshaft |  Marketplace 【 Cryptopia 】 Rewards | CoinInfo | | f | | t | | BTC |           
★▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▀▀▀▀▀▀▀▀▀▀▀▀▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔★          
1534835791
Hero Member
*
Offline Offline

Posts: 1534835791

View Profile Personal Message (Offline)

Ignore
1534835791
Reply with quote  #2

1534835791
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534835791
Hero Member
*
Offline Offline

Posts: 1534835791

View Profile Personal Message (Offline)

Ignore
1534835791
Reply with quote  #2

1534835791
Report to moderator
1534835791
Hero Member
*
Offline Offline

Posts: 1534835791

View Profile Personal Message (Offline)

Ignore
1534835791
Reply with quote  #2

1534835791
Report to moderator
btc-mike
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 10, 2014, 09:16:54 AM
 #62

I also bought the script. PM me for more info. I like to keep things private.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1778
Merit: 1004


A Great Time to Start Something!


View Profile
February 10, 2014, 09:29:43 AM
 #63

Buyers want to be the house, only to find out they are the gamblers....oops.

FYI: We are planning a fun, harmless "10% Attack" on the ETH/ICO Bubble Game.
johny1976
Legendary
*
Offline Offline

Activity: 1136
Merit: 1002


Developer


View Profile
February 10, 2014, 10:20:11 AM
 #64

Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non salted MD5 hashes Sad

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.
TripleHeXXX
Full Member
***
Offline Offline

Activity: 176
Merit: 102


https://www.cryptopia.co.nz


View Profile WWW
February 10, 2014, 10:44:09 AM
 #65

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.


My bad, it's in /admin/index.php not requestAccess.php

              if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.



    ★★★ Cryptocurrency Platform Services ★★★
Exchange | Mineshaft |  Marketplace 【 Cryptopia 】 Rewards | CoinInfo | | f | | t | | BTC |           
★▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▀▀▀▀▀▀▀▀▀▀▀▀▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔★          
johny1976
Legendary
*
Offline Offline

Activity: 1136
Merit: 1002


Developer


View Profile
February 10, 2014, 10:53:32 AM
 #66

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.


My bad, it's in /admin/index.php not requestAccess.php

              if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.




    if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

This is OK. It's including the file only if the file is located at the /pages folder. That's standart procedur.

is that _GET is in the URL, which allows for an injection ...

There is function prot(), which protects the query against sql injection.

and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Every included file contents this row at th beginning:



btw. You can't include remote PHP file from another server, because web service never gives the unexecutted file..

So it means that no flaw has been found.

Please read something about PHP before you claims something like this.
jontstaz
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
February 10, 2014, 10:59:29 AM
 #67

If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,
TripleHeXXX
Full Member
***
Offline Offline

Activity: 176
Merit: 102


https://www.cryptopia.co.nz


View Profile WWW
February 10, 2014, 11:00:13 AM
 #68

I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.

    ★★★ Cryptocurrency Platform Services ★★★
Exchange | Mineshaft |  Marketplace 【 Cryptopia 】 Rewards | CoinInfo | | f | | t | | BTC |           
★▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▀▀▀▀▀▀▀▀▀▀▀▀▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔★          
johny1976
Legendary
*
Offline Offline

Activity: 1136
Merit: 1002


Developer


View Profile
February 10, 2014, 11:04:22 AM
 #69

I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.

I understand your position and I'm sorry for your lost. Stay touched before we gets security research result.

If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,

Working on it, sending in few hours.
TripleHeXXX
Full Member
***
Offline Offline

Activity: 176
Merit: 102


https://www.cryptopia.co.nz


View Profile WWW
February 10, 2014, 08:28:48 PM
 #70

So it's been a lot more than a few hours....

    ★★★ Cryptocurrency Platform Services ★★★
Exchange | Mineshaft |  Marketplace 【 Cryptopia 】 Rewards | CoinInfo | | f | | t | | BTC |           
★▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▀▀▀▀▀▀▀▀▀▀▀▀▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔★          
jontstaz
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
February 10, 2014, 09:30:53 PM
 #71

So it's been a lot more than a few hours....

Yeah, hmmm.

Any updates Johny?
Juan Taun
Member
**
Offline Offline

Activity: 72
Merit: 10

Me llamo Juan Tuan. Quiero comida China.


View Profile
February 11, 2014, 10:29:47 PM
 #72

I am willing to evaluate the code, but have any of the creators messaged you back?

btc-mike
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 11, 2014, 10:55:30 PM
 #73

I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.
Juan Taun
Member
**
Offline Offline

Activity: 72
Merit: 10

Me llamo Juan Tuan. Quiero comida China.


View Profile
February 11, 2014, 11:27:45 PM
 #74

I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.

Perhaps.

TripleHeXXX
Full Member
***
Offline Offline

Activity: 176
Merit: 102


https://www.cryptopia.co.nz


View Profile WWW
February 12, 2014, 04:33:28 AM
 #75

I would love to give imrer and johny the benefit of the doubt, but with absolutely no response via email, and the responses here being very defensive and unhelpful I dunno that I can much longer.

    ★★★ Cryptocurrency Platform Services ★★★
Exchange | Mineshaft |  Marketplace 【 Cryptopia 】 Rewards | CoinInfo | | f | | t | | BTC |           
★▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▀▀▀▀▀▀▀▀▀▀▀▀▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔★          
Theskydaddy
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
February 16, 2014, 05:44:43 AM
 #76

Looking to buy this if all the other sales give positive feedback on it. As it seems a few customers have been unanswered.
Prabhjot Lalli
Member
**
Offline Offline

Activity: 91
Merit: 10


View Profile
February 17, 2014, 11:09:33 AM
 #77

Any news?

Help out a DRK-Fella: Xvun45BghdWdyoBQX1aGGTjcD5UcQtyeP8 Thanks a lot!
johny1976
Legendary
*
Offline Offline

Activity: 1136
Merit: 1002


Developer


View Profile
February 17, 2014, 12:33:21 PM
 #78

Any news?

I think it's more complex to build in the EMunie API. We are Bitcoin API pro. but we have zero experiences with EMunie as it works on completely different principle and API than most of the cryptos.

I think it's work for EMunie professionals, that's what can I say now.

Sorry
johny1976
Legendary
*
Offline Offline

Activity: 1136
Merit: 1002


Developer


View Profile
February 17, 2014, 05:22:54 PM
 #79

Check your skype I sent the 1.1BTC and waiting for your response. Thank you!

Responded. Thank you!
BTC5OOO
Member
**
Offline Offline

Activity: 98
Merit: 10

Trust:+4:20--Warning* ASICs with extreme hashrate!


View Profile
February 17, 2014, 06:29:37 PM
 #80

Use your own design.

I do not recommend buying this.


looking into this cesspool --- for once i may agree with you! =\ *will report back*
Pages: « 1 2 3 [4] 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!