Bitcoin Forum
September 26, 2022, 07:06:00 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 ... 91 »
  Print  
Author Topic: [ANN] Crypto Rush - Crypto to Crypto exchange  (Read 141727 times)
phants
Full Member
***
Offline Offline

Activity: 177
Merit: 100



View Profile
March 25, 2014, 09:59:13 AM
 #481

Support here? Could you look at the ticket #445916  ?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1664219160
Hero Member
*
Offline Offline

Posts: 1664219160

View Profile Personal Message (Offline)

Ignore
1664219160
Reply with quote  #2

1664219160
Report to moderator
r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 25, 2014, 10:11:07 AM
Merited by suchmoon (4)
 #482

dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.

at the very least, you need to do the following:

find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.

Code:
session_regenerate_id(true);

as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini

the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.

for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.

I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.

also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
sebalino
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
March 25, 2014, 01:44:01 PM
 #483

Crypto Rush website is not working.They stole my coins.
PhilippeStevens
Full Member
***
Offline Offline

Activity: 214
Merit: 100



View Profile
March 25, 2014, 01:51:01 PM
 #484

dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.

at the very least, you need to do the following:

find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.

Code:
session_regenerate_id(true);

as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini

the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.

for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.

I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.

also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.


If this is true... Everyone should get OUT of CR

sebalino
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
March 25, 2014, 02:09:53 PM
 #485

All coins are stolen!!!! Angry Angry Angry
sebalino
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
March 25, 2014, 02:16:58 PM
 #486

BlackCoin (BC)   Maintenance   Maintenance   MaintenanceFlappyCoin
(FLAP)   Offline   Offline   Offline
HunterCoin (HUC)   Maintenance   Maintenance   Maintenance
cryptonewbie
Full Member
***
Offline Offline

Activity: 392
Merit: 100



View Profile
March 25, 2014, 02:23:18 PM
 #487

Getting concerned that I still cant withdraw my btc.  They shouldn't come back online until all issues are resolved.  The Twitter account is giving false hope.

perhan007
Sr. Member
****
Offline Offline

Activity: 518
Merit: 250



View Profile
March 25, 2014, 02:33:21 PM
 #488

Lol, I just lost 55 LTC with markets.cx

Please don't let me lose additional 250 Million Karmacoins with cryptorush.in Sad
perhan007
Sr. Member
****
Offline Offline

Activity: 518
Merit: 250



View Profile
March 25, 2014, 02:37:39 PM
 #489

It seems to me that the page is actually available, it's just very very very slow Sad
newtypeseed
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 25, 2014, 02:49:09 PM
 #490

nice exchange
niki25
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000



View Profile
March 25, 2014, 02:50:54 PM
 #491

when will u get online again?
cryptonewbie
Full Member
***
Offline Offline

Activity: 392
Merit: 100



View Profile
March 25, 2014, 03:05:19 PM
 #492

It seems to me that the page is actually available, it's just very very very slow Sad

Have you withdrawn any funds?

waqas
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250



View Profile
March 25, 2014, 03:09:27 PM
 #493

It seems to me that the page is actually available, it's just very very very slow Sad

Have you withdrawn any funds?

The balances page does not work. Even if it did, you still couldn't withdraw BTC.
Its new exchange but have many bugs I lost nearly 1 million zeit and no one taking responsibility and its shameful

suchmoon
Legendary
*
Offline Offline

Activity: 3178
Merit: 8182


https://bpip.org


View Profile WWW
March 25, 2014, 03:38:57 PM
 #494

I didn't think this could get any more exciting but it just keeps coming. Since the site seems to be still running (can't tell for sure with it being barely responsive) I take it they didn't heed r3wt's warning and it's open season for script kiddies around the world... or maybe it's been pwned long ago and just keeps collecting coins while it can.

Kn_os
Legendary
*
Offline Offline

Activity: 1055
Merit: 1002


View Profile
March 25, 2014, 03:59:34 PM
 #495

Can anybody contact devs..? When balance page will work?
MUBBLE86
Full Member
***
Offline Offline

Activity: 126
Merit: 100

1


View Profile
March 25, 2014, 04:18:17 PM
 #496

Can anybody contact devs..? When balance page will work?

balance page work !

many times site offline cloudflare !!!!!

ever i press withdraw the site down......

please FIX

sell all my altcoins yesterday i need to WD my BTC

perhan007
Sr. Member
****
Offline Offline

Activity: 518
Merit: 250



View Profile
March 25, 2014, 04:54:53 PM
 #497

It seems to me that the page is actually available, it's just very very very slow Sad

Have you withdrawn any funds?

Yes, I was successfull after several attempts.
avanda1121
Full Member
***
Offline Offline

Activity: 124
Merit: 100


View Profile
March 25, 2014, 04:55:44 PM
 #498

Balance page is ok for me....
Kn_os
Legendary
*
Offline Offline

Activity: 1055
Merit: 1002


View Profile
March 25, 2014, 04:56:32 PM
 #499

Balance page is ok for me....

I can't get access to it for 1 hour already Sad

it constatly shows offline.

This page (
https://cryptorush.in/index.php?p=balances
) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by
CloudFlare
menzo
Full Member
***
Offline Offline

Activity: 196
Merit: 100

CapriPay


View Profile WWW
March 25, 2014, 06:03:47 PM
 #500

Balance page is ok for me....

I can't get access to it for 1 hour already Sad

it constatly shows offline.

This page (
https://cryptorush.in/index.php?p=balances
) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by
CloudFlare

online for me, but very slow :S from canaries

CapriPay - Fast, Secure and Easy
CapriPay is a Free Payment Solution Provider supported by an integrated cashback solution and merchant marketing system through FREE mobile applications.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 ... 91 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!