Bitcoin Forum
May 20, 2019, 06:16:20 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: [UPDATE] - BetSomeBits is ALMOST LAUNCHING !  (Read 5295 times)
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 04, 2014, 07:35:20 PM
Last edit: December 04, 2014, 09:44:46 PM by whitewhidow
 #41

quick update. on mobile. not much time

implemented withdrawls and deposits. havent deployed yet. i will this evening or tommorow.

thx

s

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
Get signals when whales enter & exit a market 74% average win rate
full binance integration
TRY NOW!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558376180
Hero Member
*
Offline Offline

Posts: 1558376180

View Profile Personal Message (Offline)

Ignore
1558376180
Reply with quote  #2

1558376180
Report to moderator
1558376180
Hero Member
*
Offline Offline

Posts: 1558376180

View Profile Personal Message (Offline)

Ignore
1558376180
Reply with quote  #2

1558376180
Report to moderator
Decksperiment
Sr. Member
****
Offline Offline

Activity: 616
Merit: 250



View Profile
December 04, 2014, 09:54:30 PM
 #42

on mobile again: so in short again:

sorrt for the typo. will be fixed.
db is on a diff server. the phpmyadmin you found does not hold the betting data

server setting will be fixed, bet regarding the php session id in the cookie, thats normal ?  same with fb, prime, etc ?

i really dislike the win8 metro look Smiley actually


and regarding the 60% chance and winning 1 satoshi.   is this not the same at prime?  it seems im getting the same results there?  thx
i guess the question is: is 0.00000001 X 1.7.    0.00000001 or 0.00000002


will post more elaborate response when im in the office


edit: looking at previous rolls: lol @ user "test41241' OR 1=1; --". Smiley

edit: how many ti.es the signup bonus, should be required to withdraw ( to prevent abusing the bonus).   at primt its like x200 or something i believe

The guy who pointed out the myAdminphp link should be payed attention to, as a bruteforce of password using pyrit/cuda would reveal more than you think.. in fact, all that you see..?

Edit, sorry, was focusing on news, The guy who pointed out the phpMYadmin is correct, as I can rip anyones password using cowpatty piped through my cuda based pyrit (no passwords list) in around a day..

A password to myadmin gives complete opportunity to change anything at will.. you do like your site, no?

MoozicoreWORLDS FIRST MUSIC STREAMING SERVICE ON BLOCKCHAIN
 
   █████                     █████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████       █████       ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
   █████        █████        █████
hexafraction
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
December 04, 2014, 11:13:18 PM
 #43

Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are less risks of loss of money.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
BGkockata
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
December 04, 2014, 11:25:46 PM
 #44

Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are less risks of loss of money.
also add 2fa verify
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 05, 2014, 09:52:26 AM
 #45

Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are less risks of loss of money.

the phpmyadmin will be hidden soon, but like i said. its the phpmyadmin for a different server..

2way auth will be added aswell

and regarding the email adress, ill make it so its optional, so you can set one, IF you want. in case of pass resets if forgotten
and the ability to change your pass when logged in.


just woke up. will be starting work in a few hours. will deploy asap

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 05, 2014, 12:36:27 PM
 #46

Update

deposit and withdrawal are finished, but disabled atm (you wont see the buttons, only specific users will...)

profile page is done, will let you change your password, email adres and bitcoin payout wallet.


113ef50 layout and type fixes + missing url
1f854b8 fixes
7755abe more withdraw stuff
aa3d268 change wallet id via profile
a34j268 change email via profile
8f0d478 change password via profile
0322c64 more on withdraw
d4ba0af more on withdrawls
7e61540 link to has info page, on transactions page
7998ff3 deposit fix
589b719 many changes + more deposit stuff
2277e2c many changes + more deposit stuff
ed3aaff many changes + start deposit stuff

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
Decksperiment
Sr. Member
****
Offline Offline

Activity: 616
Merit: 250



View Profile
December 05, 2014, 02:25:09 PM
 #47

change the name of you phpMyAdmin, and the index.php within said folder to secure it.. Wink Oh, and remove it from your root directory, it does'nt need to be in the root to work Wink

MoozicoreWORLDS FIRST MUSIC STREAMING SERVICE ON BLOCKCHAIN
 
   █████                     █████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████                   ███████
  ███████       █████       ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
  ███████      ███████      ███████
   █████        █████        █████
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 05, 2014, 02:53:23 PM
 #48

change the name of you phpMyAdmin, and the index.php within said folder to secure it.. Wink Oh, and remove it from your root directory, it does'nt need to be in the root to work Wink

phpmyadmin has been secured.

Ive also added google authenticator!

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 05, 2014, 03:01:58 PM
Last edit: December 05, 2014, 06:43:23 PM by whitewhidow
 #49

Also, hexa, can you pm me the name of one of your test accounts on the site, so i can start making preperations for the testing of the transactions, i will disable them for all users except the ones i choose

EDIT: just deployed some significant design changes,    working on ajax now

EDIT: just added an ajax implenetation, check it out and see if you guys like it ..

also, i know that error reporting is broken atm, due to the ajax, so i'll get to that very soon   (bet too small or big will not give a visual error atm)

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 06, 2014, 10:10:46 AM
 #50

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 06, 2014, 06:19:43 PM
 #51

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

decided to work after all

more changelog:


security changes
confirm 2-fa auth code before actually enabling 2-fa
added "points"
changes to deposit modal
dont allow faucet if balance > 0
faucet added
blockchain api fixes
info on transactions screen
withdrawal iframe changes
ajax betting errors fixed
stay informed option on profile
massive ajax changes

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
BGkockata
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
December 06, 2014, 06:47:03 PM
 #52

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

decided to work after all

more changelog:


security changes
confirm 2-fa auth code before actually enabling 2-fa
added "points"
changes to deposit modal
dont allow faucet if balance > 0
faucet added
blockchain api fixes
info on transactions screen
withdrawal iframe changes
ajax betting errors fixed
stay informed option on profile
massive ajax changes

Will i be rewarded for giving my opinions&helping u?
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 06, 2014, 07:01:00 PM
 #53

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

decided to work after all

more changelog:


security changes
confirm 2-fa auth code before actually enabling 2-fa
added "points"
changes to deposit modal
dont allow faucet if balance > 0
faucet added
blockchain api fixes
info on transactions screen
withdrawal iframe changes
ajax betting errors fixed
stay informed option on profile
massive ajax changes

Will i be rewarded for giving my opinions&helping u?

for opinions, no, because everyone has them Smiley

For helping ? Well like a stated in my first post, anyone who finds a bug gets rewarded,

other then that, any info provided to me, that i feel is substantial, gets a reward.

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
BGkockata
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
December 06, 2014, 09:18:50 PM
 #54

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

decided to work after all

more changelog:


security changes
confirm 2-fa auth code before actually enabling 2-fa
added "points"
changes to deposit modal
dont allow faucet if balance > 0
faucet added
blockchain api fixes
info on transactions screen
withdrawal iframe changes
ajax betting errors fixed
stay informed option on profile
massive ajax changes

Will i be rewarded for giving my opinions&helping u?

for opinions, no, because everyone has them Smiley

For helping ? Well like a stated in my first post, anyone who finds a bug gets rewarded,

other then that, any info provided to me, that i feel is substantial, gets a reward.
okay
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 06, 2014, 09:25:43 PM
 #55

im liking the new design, really starting to look nice he

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
BGkockata
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
December 06, 2014, 09:30:41 PM
 #56

im liking the new design, really starting to look nice he
told you to do it!also told u the 2fa thing,is it going to be ready sooN?
PotatoPie
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
December 07, 2014, 07:01:05 AM
 #57

Vulnerabilities ^_^:
XSS (Cross site scripting) in the change seed thingie.
Code:
"><script>alert(document.cookie)</script>
There is also no CSRF protection on this either.
Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e

Possible places for vulnerabilities:
->On the withdraw page, you've got 2 post variables userAmount and realAmount. It seems that you validate userAmount but not realAmount. I cant test it as I cbf depositing $3 into your site but just make sure that the user cant put userAmount = 0.01 and realAmount = 5 and it will send them 5BTC sort of thing. I doubt you can, but just a heads up.
-> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.

Silly errors:
0.00000100 BTC divide by 2 doesn't equal 5.70000000 Wink.
Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300

Suggestions:
-> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
-> Cloudflare would probably be good.

BTC Address: 13mUzcjYysbgNWstbasJ3PVkPB2nCUEqFg
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 07, 2014, 11:50:43 AM
 #58

Vulnerabilities ^_^:
XSS (Cross site scripting) in the change seed thingie.
Code:
"><script>alert(document.cookie)</script>
There is also no CSRF protection on this either.
Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e

Possible places for vulnerabilities:
->On the withdraw page, you've got 2 post variables userAmount and realAmount. It seems that you validate userAmount but not realAmount. I cant test it as I cbf depositing $3 into your site but just make sure that the user cant put userAmount = 0.01 and realAmount = 5 and it will send them 5BTC sort of thing. I doubt you can, but just a heads up.
-> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.

Silly errors:
0.00000100 BTC divide by 2 doesn't equal 5.70000000 Wink.
Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300

Suggestions:
-> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
-> Cloudflare would probably be good.

ill add a token and a sanitiser to the clientseed form today.

regarding the useramount. all calculations and processes are based on useramount. so if useramount is messed with. it doesnt really matter. it gets displayed. and is an inpit yes. but does not get processed

(havent watched videos yet, im on mobile atm) so ill adress those as soon as i can

pass length: your 100% right

ill add you to the list of rewards and ill reply regarding the videos when i gwt to the office.

thx

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 08, 2014, 10:34:35 AM
 #59

changes:

    -seedForm is sanitised upon submit
    -hide seedform between roll nand next roll (did not make sence changing seed when looking at result)
    -username minimum 6 chars
    -passwords minimum 8 chars
    -added captcha to faucet


i think we are going to be ready pretty soon ...

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
whitewhidow
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 08, 2014, 05:10:57 PM
 #60

UPDATE: all accounts, rolls and stats have been cleared, will now start testing the withdrawals with hexafraction

If all goes well we will be live before the end of this week !

TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN,   FCK OFF PLEASE   
 - The REAL WHITEWHIDOW
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!