Start your Dice casino site! CoinDice 1.0 script [1.1 BTC]

[TripleHeXXX]

Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non salted MD5 hashes

[1714017086]

1714017086

[1714017086]

1714017086

[1714017086]

1714017086

[1714017086]

1714017086

[1714017086]

1714017086

[btc-mike]

I also bought the script. PM me for more info. I like to keep things private.

[Bit_Happy]

Buyers want to be the house, only to find out they are the gamblers....oops.

[johny1976]

Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non salted MD5 hashes

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.

[TripleHeXXX]

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.

My bad, it's in /admin/index.php not requestAccess.php

              if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.

[johny1976]

Passwords are stored as md5 hash.

There's no such thing in requestAccess.php:



It may been edited by someone else (hacker).

admin/ajax/delete_admin.php:

i think it's ok, what's wrong with that?

jonstaz, we didn't stole anything from you.


If there was a wallet steels, it could be a security error. We'll do security research tonight and we'll let you know.

My bad, it's in /admin/index.php not requestAccess.php

              if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.

    if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
                include './pages/'.$_GET['p'].'.php';

This is OK. It's including the file only if the file is located at the /pages folder. That's standart procedur.

is that _GET is in the URL, which allows for an injection ...

There is function prot(), which protects the query against sql injection.

and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Every included file contents this row at th beginning:



btw. You can't include remote PHP file from another server, because web service never gives the unexecutted file..

So it means that no flaw has been found.

Please read something about PHP before you claims something like this.

[jontstaz]

If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,

[TripleHeXXX]

I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.

[johny1976]

I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.

I understand your position and I'm sorry for your lost. Stay touched before we gets security research result.

If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,

Working on it, sending in few hours.

[TripleHeXXX]

So it's been a lot more than a few hours....

[jontstaz]

So it's been a lot more than a few hours....

Yeah, hmmm.

Any updates Johny?

[Juan Taun]

I am willing to evaluate the code, but have any of the creators messaged you back?

[btc-mike]

I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.

[Juan Taun]

I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.

Perhaps.

[TripleHeXXX]

I would love to give imrer and johny the benefit of the doubt, but with absolutely no response via email, and the responses here being very defensive and unhelpful I dunno that I can much longer.

[Theskydaddy]

Looking to buy this if all the other sales give positive feedback on it. As it seems a few customers have been unanswered.

[Prabhjot Lalli]

Any news?

[johny1976]

Any news?

I think it's more complex to build in the EMunie API. We are Bitcoin API pro. but we have zero experiences with EMunie as it works on completely different principle and API than most of the cryptos.

I think it's work for EMunie professionals, that's what can I say now.

Sorry

[johny1976]

Check your skype I sent the 1.1BTC and waiting for your response. Thank you!

Responded. Thank you!

[BTC5OOO]

Use your own design.

I do not recommend buying this.

looking into this cesspool --- for once i may agree with you! =\ *will report back*