Bitcoin Forum
December 13, 2024, 04:29:45 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: Coindice [Warning] + Free Download  (Read 1902 times)
Dogemogul (OP)
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 18, 2014, 05:59:01 PM
Last edit: April 18, 2014, 07:35:54 PM by Dogemogul
 #1

For those of you using johnny's please be warned..

All current websites using his script have been "hacked" or lost all their coins. It's pretty ridiculous how people still keep
buying his script when even the DEMO he uses isn't working..

For security purposes please download and view his script before purchasing so you can actually see how many
"holes" there are.

-Unadultered Coindice Script-

THIS IS FOR SECURITY TESTING ONLY Wink

https://mega.co.nz/#!SR5z0DRI!ErS5-UtscChLsH6Ldm2-YvnBmJXU2PBo-xsYUENJDI0

(if you believe this is a virus or what not, it's just a ton of php files you can view/modify)

If you wish to install this please redo the following files, they are full of bugs not fixed in any version of coindice (even 3.2?)
../content/cron/check_deposits.php
../content/ajax/withdraw.php
../content/ajax/place.php
../index.php
../admin/(all the files in the admin folder, he's pretty sneaky)

Kyraishi
Hero Member
*****
Offline Offline

Activity: 952
Merit: 513



View Profile
April 18, 2014, 06:01:31 PM
 #2

Fail !
all you "may" "done" would be copying and "fixing" "holes".
Buy some design skills and we may talk later.

Dogemogul (OP)
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 18, 2014, 07:16:29 PM
 #3

Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
Kyraishi
Hero Member
*****
Offline Offline

Activity: 952
Merit: 513



View Profile
April 18, 2014, 07:19:47 PM
 #4

Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
Imitation ? Or you just did a copy / paste ?

Dogemogul (OP)
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 18, 2014, 07:27:02 PM
 #5

So your saying some css boxes and a case switch is so difficult... that no one could possibly have done that on their own?
Kyraishi
Hero Member
*****
Offline Offline

Activity: 952
Merit: 513



View Profile
April 18, 2014, 07:42:15 PM
 #6

"And that's why there are patents, and why patents trolls go."

Dogemogul (OP)
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 18, 2014, 10:29:24 PM
 #7

I almost understood what you were saying
zeeshanblc
Sr. Member
****
Offline Offline

Activity: 390
Merit: 250



View Profile
April 20, 2014, 05:45:36 AM
 #8

Is there anything good with this script? I don't remember reading any positive feedback, only that it's full of flaws and people loosing money from their wallets
Dogemogul (OP)
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 20, 2014, 06:06:53 AM
 #9

No, the coindice script developed by johnny is full of bugs/holes/security issues. in which i have fixed
edric
Hero Member
*****
Offline Offline

Activity: 546
Merit: 501



View Profile
April 28, 2014, 09:02:48 PM
Last edit: April 28, 2014, 10:22:21 PM by edric
 #10

I'm working on it too.. BTW your link is dead, but I managed to grab the copies of CoinDice 2.0 and CoinWheel 1.0 a while back when you posted it. If anyone wants, PM me and I'll give you links. I'm not too concerned with Johny getting upset about it, I've heard the stories of extra admin accounts getting added, wallets emptied. I don't think that's a bug, but a "feature", lol.

I'd like to collaborate to get CoinDice and even CoinWheel fixed up and secure. I'm sick of all the malware and scams floating around, let's do something about it.



Edit: I'm still learning PHP and SQL but it kinda looks to me like there's a few ways to elevate yourself to admin privs in the script.. in /admin/login.php, /admin/pages/admins.php  and /admin/ajax/edit_admin.php

And also what's up with the install script, it inserts an admin with what I'm assuming is a hash for the PW into the table.. I thought the admin account is made through the form in the script.. Haven't gotten as far as installing it on my test server. Betting it inserts that admin account, then you make your own, leaving a door for the author. I'm not sure about some of those other instances that update the admins table, not sure if the case is if the login is empty then it makes you an admin or it makes admin out of a regular authenticated user.. It's a bit tricky and I'm having a difficult time sorting out what should be there from what shouldn't. Unless Dogemogul can provide some fixed code or a good point of reference my only option is trial and error.. lots of it. Ugh.

Any help would be awesome.

jleefly
Full Member
***
Offline Offline

Activity: 164
Merit: 100

jld.kr - Cryptocurrency Web Development !


View Profile WWW
April 29, 2014, 04:32:06 PM
 #11

Asked Dogemogul to fix my sites. still coins got withdrawn by attacker.

NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1303


DiceSites.com owner


View Profile WWW
April 30, 2014, 12:17:10 AM
Last edit: April 30, 2014, 12:31:18 AM by NLNico
 #12

I never heard of this script. But I am a security researcher, if you want me to check this script, you can send it to me. We can agree on bounty per security bug only if I find some. Even the owner of the script can contact me I guess. In the end I will however not guarantee that it's 100% safe, but it should be possible to check it all code.

Sladexz
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
May 05, 2014, 04:44:31 AM
 #13

Anyone got a download link that works for this? If so please PM me it.
mdzedzej
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
May 05, 2014, 06:22:13 AM
 #14

this script is ridiculous and yes johnny does make new admin accounts and drains wallets happened to a few people and when they confronted him he just kept deleting thier posts in his thread, use at your own risk, dont ever forget SSL and dont just remove the install folder, remove the admin panel unless its being used, or create your own.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!