[100bit.co.in] Earn up to 0.1 BTC for finding bugs

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: SalmanKhanChampion on July 14, 2015, 05:37:53 AM

Hi,

I've reported some vulnerabilities through http://www.100bit.co.in/support.php. Kindly check them all. I actually don't know where to report so I've reported them via http://www.100bit.co.in/support.php

Thank you so much for your interest in betterment of the system. We have replied to all the tickets you have raised.

SalmanKhanChampion

newbie

Activity: 1

Merit: 0

Hi,

I've reported some vulnerabilities through http://www.100bit.co.in/support.php. Kindly check them all. I actually don't know where to report so I've reported them via http://www.100bit.co.in/support.php

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: sbankerdemon on April 28, 2015, 03:45:42 PM

The captcha now is fine. However I think users can delete other users orders still.

Are you sure ? Can you please PM me an example ?

sbankerdemon

full member

Activity: 168

Merit: 100

http://pachinko.games-bit.com/

Quote from: 100bitcoin on April 13, 2015, 07:34:40 PM

Quote from: PotatoPie on April 09, 2015, 10:58:51 PM

Quote from: sbankerdemon on April 09, 2015, 05:16:46 PM

Quote from: Jimmy Wales on April 09, 2015, 05:10:07 PM

Quote from: sbankerdemon on April 09, 2015, 04:47:27 PM

your captcha is too weak and is almost useless to prevent bruteforce attacks and attacks like creating lots of tickets as mentioned above. I would advise to use strong captcha.

It can be easily decoded with any OCR for example

Code:

https://code.google.com/p/tesseract-ocr/downloads/list

use tesseract-ocr-setup-3.02.02.exe

after installing this just run command

tesseract captcha.png decoded.txt -l eng

example:

It will be accurate 95% of times.

It is possible for an attacker to code some automated tool to launch bruteforce attacks, create 1000's of new users, create lot of supprot tickets etc.

thanks

How will the attacker create 1000's of new users ? It seems email authentication is required to create each user.

Yea he can't forgot about email authentication. But still this captcha beats the purpose of using captcha.

I already mentioned about using OCR Tesseract in my list and @OP didn't seem to care. You're 100% correct saying that it's possible to create thousands of accounts though. I could create a POC right now and make 100k+ accounts. Email verification / authentication is easily bypassable. I can just set up a mail server, buy a basic domain and just iterate through random email addresses on that domain and fetch the verification codes and verify them. This is an extremely simple process and I could clog up the server with thousands of users.

In addition to this, there are more vulnerabilities that have been unpatched.
1. Post variable country on http://www.100bit.co.in/trade.php is SQL injectable.
2. Post variable trade on http://www.100bit.co.in/trade.php is SQL injectable.
3. http://www.100bit.co.in/support.php?mode=change_ststus&status=1&ticket_id=[ticketid] allows you to close or open any ticket regardless if you own it or not. This also has no CSRF or captcha protection on it.
4. http://www.100bit.co.in/order.php?mode=del_interest&id=[interestid] seems like you can delete other peoples interests as well.

I could probably find even more, but seeing as the owner didn't want to pay me out for the others I found even though they were totally unique to the previous founds, I'm not going to waste anymore time on it. 100bitcoin, when you feel like actually paying out, then I may consider taking another look at it.

Quote from: sbankerdemon on April 10, 2015, 04:31:40 PM

If you reported it before me then you should get the bounty.

Can you please check if the bugs you mentioned still do exist in the system or they are fixed now ? Please do let us know if you can find any other bug. Please PM us with example. Also, please provide your bitcoin address...

The captcha now is fine. However I think users can delete other users orders still.

MoonOfLife

sr. member

Activity: 714

Merit: 253

Quote from: 100bitcoin on April 28, 2015, 11:33:05 AM

Quote from: MoonOfLife on April 27, 2015, 08:31:11 PM

Quote from: 100bitcoin on April 27, 2015, 05:19:49 PM

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

suggestion

> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________

for bug .. i think its doesnt bug in your site again

Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug.

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

ask

03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA

what is that it show up after in password after write captcha your site say " please copy this ... "

Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser.

sorry i forget screenshot
browser :UcBrowser [ mobile browser ]
and can u add :
> converter btc to any currency
> and currency BTC to $ graph

i will very thx if you donate me / pay me for some btc
1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd

It is good if you can recreate the situation, take a screenshot and post. If it is found to be a bug, u might win a small bounty.

ok .. im understand now what is this " 03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA "

this is like api_key just place it in https://www.google.com/recaptcha/api2/payload?c=............ it will show up the image captcha

like this https://www.google.com/recaptcha/api2/payload?c=03AHJ_VuvV2iRHYBU8lOOJl3wcEZOtGIswnfHNtYlyB-8erRL7eHlQFhEamx1KopiwpP9SR7DA0hAmn5yOBEhK5b9FpJcJgTHk5dcx4tG1dfh_G2F8AKeyQRznRHX4EWhuqQpcMQS1jKIc5sCp1Vk-DsHkDAPOK5ctYv8_1rTGNPxZkZ6BOCSvI8GukEi8X7DNifqCDBB9KOS5jDFKHXB0FtfLQfKj5K8fBbpDkgoBpl05tpow0LyiopnU35JRK7vERHm0QOcli0sC-ldrOB4qe_shDMOQP2mUmYslU_Qz6tkTa_4eJ5Z7kzh5Smwdn__vpKIdTTnXs78Zabq30Tsf84Hu0XMnQgRXh0oD4LqYr3-VNZivqh712KyW30wUJHhWWVj6yfooyH4JoVMpuUmTXPbcdA_nQ1bmMg&k=6LeZMQUTAAAAANZFVY3bMj-3FumZdL8EUSasyL42

it will delete api every 5 minute

*if you want to see your api just click right and save image url > copy + paste > and https://www.google.com/*/*/payload?c={your api}
_______

and i have method to bypass your captcha

test here : http://www.100bit.co.in/recover.php

1. dont write your email because waste your 1 sec time *lol
2. click verify
3. captcha will show up
4. go to register page
5. back again
6. verify and you are not robot Grin

note :
it just waste your time ,, haha. but you can make some script imacros for spam recover password until the mailer die hahahahaha

MoonOfLife

sr. member

Activity: 714

Merit: 253

Code:

Page Found: http://www.100bit.co.in/admin.php
Page Found: http://www.100bit.co.in/login.html
Page Found: http://www.100bit.co.in/login/
Page Found: http://www.100bit.co.in/admin.asp
Page Found: http://www.100bit.co.in/login.htm
Page Found: http://www.100bit.co.in/login.php
Page Found: http://www.100bit.co.in/login.asp
Page Found: http://www.100bit.co.in/admin/
Page Found: http://www.100bit.co.in/admin/account.html
Page Found: http://www.100bit.co.in/adm/
Page Found: http://www.100bit.co.in/admin/login.html
Page Found: http://www.100bit.co.in/admin/home.asp
Page Found: http://www.100bit.co.in/admin/controlpanel.html
Page Found: http://www.100bit.co.in/admin/login.htm
Page Found: http://www.100bit.co.in/admin/home.php
Page Found: http://www.100bit.co.in/admin/adminLogin.htm
Page Found: http://www.100bit.co.in/admin/adminLogin.html
Page Found: http://www.100bit.co.in/admin/controlpanel.htm
Page Found: http://www.100bit.co.in/admin/cp.php
Page Found: http://www.100bit.co.in/admin/cp.asp
Page Found: http://www.100bit.co.in/admin/controlpanel.asp
Page Found: http://www.100bit.co.in/admin/admin-login.php
Page Found: http://www.100bit.co.in/admin/admin_login.asp
Page Found: http://www.100bit.co.in/admin/controlpanel.php
Page Found: http://www.100bit.co.in/admin/admin_login.php
Page Found: http://www.100bit.co.in/admin/admin-login.asp
Page Found: http://www.100bit.co.in/admin/account.php
Page Found: http://www.100bit.co.in/admin-login.php
Page Found: http://www.100bit.co.in/admin-login.asp
Page Found: http://www.100bit.co.in/admin/account.asp
Page Found: http://www.100bit.co.in/admin/admin.php
Page Found: http://www.100bit.co.in/admin/admin.asp
Page Found: http://www.100bit.co.in/admin.htm
Page Found: http://www.100bit.co.in/admin.html
Page Found: http://www.100bit.co.in/adminitem/
Page Found: http://www.100bit.co.in/adminitem.php
Page Found: http://www.100bit.co.in/adminitems.php
Page Found: http://www.100bit.co.in/adminitems.asp
Page Found: http://www.100bit.co.in/adminitem.asp
Page Found: http://www.100bit.co.in/adminitems/
Page Found: http://www.100bit.co.in/administrator.php
Page Found: http://www.100bit.co.in/administrator/login.asp
Page Found: http://www.100bit.co.in/administrator.asp
Page Found: http://www.100bit.co.in/administrator/login.php
Page Found: http://www.100bit.co.in/administrator/
Page Found: http://www.100bit.co.in/administration.asp
Page Found: http://www.100bit.co.in/administration/
Page Found: http://www.100bit.co.in/administration.php
Page Found: http://www.100bit.co.in/adminlogin.php
Page Found: http://www.100bit.co.in/adminLogin/
Page Found: http://www.100bit.co.in/adminlogin.asp
Page Found: http://www.100bit.co.in/admin_area/admin.asp
Page Found: http://www.100bit.co.in/admin_area/login.php
Page Found: http://www.100bit.co.in/admin_area/admin.php
Page Found: http://www.100bit.co.in/admin_area/
Page Found: http://www.100bit.co.in/manager/
Page Found: http://www.100bit.co.in/manager.asp
Page Found: http://www.100bit.co.in/manager.php
Page Found: http://www.100bit.co.in/admin_area/login.asp
Page Found: http://www.100bit.co.in/letmein/
Page Found: http://www.100bit.co.in/superuser.php
Page Found: http://www.100bit.co.in/superuser/
Page Found: http://www.100bit.co.in/letmein.asp
Page Found: http://www.100bit.co.in/superuser.asp
Page Found: http://www.100bit.co.in/letmein.php
Page Found: http://www.100bit.co.in/access.php
Page Found: http://www.100bit.co.in/access/
Page Found: http://www.100bit.co.in/sysadm/
Page Found: http://www.100bit.co.in/sysadm.php
Page Found: http://www.100bit.co.in/access.asp
Page Found: http://www.100bit.co.in/supervisor/
Page Found: http://www.100bit.co.in/panel.asp
Page Found: http://www.100bit.co.in/superman/
Page Found: http://www.100bit.co.in/sysadm.asp
Page Found: http://www.100bit.co.in/panel.php
Page Found: http://www.100bit.co.in/control/
Page Found: http://www.100bit.co.in/control.php
Page Found: http://www.100bit.co.in/member.php
Page Found: http://www.100bit.co.in/member/
Page Found: http://www.100bit.co.in/control.asp
Page Found: http://www.100bit.co.in/user/
Page Found: http://www.100bit.co.in/members.asp
Page Found: http://www.100bit.co.in/members.php
Page Found: http://www.100bit.co.in/member.asp
Page Found: http://www.100bit.co.in/members/
Page Found: http://www.100bit.co.in/user.php
Page Found: http://www.100bit.co.in/manage/
Page Found: http://www.100bit.co.in/uvpanel/
Page Found: http://www.100bit.co.in/cp/
Page Found: http://www.100bit.co.in/user.asp
Page Found: http://www.100bit.co.in/manage.php
Page Found: http://www.100bit.co.in/manage.asp
Page Found: http://www.100bit.co.in/management/
Page Found: http://www.100bit.co.in/management.php
Page Found: http://www.100bit.co.in/management.asp
Page Found: http://www.100bit.co.in/signin/
Page Found: http://www.100bit.co.in/signin.asp
Page Found: http://www.100bit.co.in/signin.php
Page Found: http://www.100bit.co.in/log-in/
Page Found: http://www.100bit.co.in/log-in.php
Page Found: http://www.100bit.co.in/log_in.php
Page Found: http://www.100bit.co.in/log_in/
Page Found: http://www.100bit.co.in/log-in.asp
Page Found: http://www.100bit.co.in/log_in.asp
Page Found: http://www.100bit.co.in/sign_in/
Page Found: http://www.100bit.co.in/sign_in.php
Page Found: http://www.100bit.co.in/sign-in.asp
Page Found: http://www.100bit.co.in/sign-in.php
Page Found: http://www.100bit.co.in/sign-in/
Page Found: http://www.100bit.co.in/users/
Page Found: http://www.100bit.co.in/sign_in.asp
Page Found: http://www.100bit.co.in/users.php
Page Found: http://www.100bit.co.in/accounts/
Page Found: http://www.100bit.co.in/accounts.php
Page Found: http://www.100bit.co.in/accounts.asp
Page Found: http://www.100bit.co.in/wp-login.php
Page Found: http://www.100bit.co.in/bb-admin/login.php
Page Found: http://www.100bit.co.in/users.asp
Page Found: http://www.100bit.co.in/bb-admin/login.asp
Page Found: http://www.100bit.co.in/bb-admin/admin.php
Page Found: http://www.100bit.co.in/bb-admin/admin.asp
Page Found: http://www.100bit.co.in/bb-admin/admin.html
Page Found: http://www.100bit.co.in/administrator/account.php
Page Found: http://www.100bit.co.in/administrator/account.asp
Page Found: http://www.100bit.co.in/relogin.htm
Page Found: http://www.100bit.co.in/relogin.html
Page Found: http://www.100bit.co.in/check.php
Page Found: http://www.100bit.co.in/check.asp
Page Found: http://www.100bit.co.in/relogin.php
Page Found: http://www.100bit.co.in/relogin.asp
Page Found: http://www.100bit.co.in/blog/wp-login.php
Page Found: http://www.100bit.co.in/blog/wp-login.asp
Page Found: http://www.100bit.co.in/user/admin.php
Page Found: http://www.100bit.co.in/users/admin.php
Page Found: http://www.100bit.co.in/user/admin.asp
Page Found: http://www.100bit.co.in/users/admin.asp
Page Found: http://www.100bit.co.in/registration/
Page Found: http://www.100bit.co.in/processlogin.php
Page Found: http://www.100bit.co.in/checklogin.php
Page Found: http://www.100bit.co.in/processlogin.asp
Page Found: http://www.100bit.co.in/checklogin.asp
Page Found: http://www.100bit.co.in/checkuser.php
Page Found: http://www.100bit.co.in/checkuser.asp
Page Found: http://www.100bit.co.in/checkadmin.php
Page Found: http://www.100bit.co.in/checkadmin.asp
Page Found: http://www.100bit.co.in/isadmin.php
Page Found: http://www.100bit.co.in/isadmin.asp
Page Found: http://www.100bit.co.in/authenticate.php
Page Found: http://www.100bit.co.in/authenticate.asp
Page Found: http://www.100bit.co.in/authentication.php
Page Found: http://www.100bit.co.in/authentication.asp
Page Found: http://www.100bit.co.in/auth.php
Page Found: http://www.100bit.co.in/auth.asp
Page Found: http://www.100bit.co.in/authadmin.asp
Page Found: http://www.100bit.co.in/authuser.php
Page Found: http://www.100bit.co.in/authadmin.php
Page Found: http://www.100bit.co.in/authuser.asp
Page Found: http://www.100bit.co.in/cp.php
Page Found: http://www.100bit.co.in/cp.asp
Page Found: http://www.100bit.co.in/moderator.asp
Page Found: http://www.100bit.co.in/modelsearch/login.php
Page Found: http://www.100bit.co.in/moderator.php
Page Found: http://www.100bit.co.in/modelsearch/login.asp
Page Found: http://www.100bit.co.in/controlpanel.asp
Page Found: http://www.100bit.co.in/controlpanel/
Page Found: http://www.100bit.co.in/moderator/
Page Found: http://www.100bit.co.in/admincontrol.php
Page Found: http://www.100bit.co.in/controlpanel.php
Page Found: http://www.100bit.co.in/adminpanel.php
Page Found: http://www.100bit.co.in/fileadmin.php
Page Found: http://www.100bit.co.in/admincontrol.asp
Page Found: http://www.100bit.co.in/adminpanel.asp
Page Found: http://www.100bit.co.in/fileadmin/
Page Found: http://www.100bit.co.in/fileadmin.asp
Page Found: http://www.100bit.co.in/admin1.php
Page Found: http://www.100bit.co.in/sysadmin.php
Page Found: http://www.100bit.co.in/sysadmin.asp
Page Found: http://www.100bit.co.in/admin1.asp
Page Found: http://www.100bit.co.in/admin1.html
Page Found: http://www.100bit.co.in/admin2.asp
Page Found: http://www.100bit.co.in/admin2.php
Page Found: http://www.100bit.co.in/admin1.htm
Page Found: http://www.100bit.co.in/admin2.html
Page Found: http://www.100bit.co.in/yonetim.php
Page Found: http://www.100bit.co.in/yonetim.html
Page Found: http://www.100bit.co.in/yonetici.php
Page Found: http://www.100bit.co.in/yonetici.asp
Page Found: http://www.100bit.co.in/yonetici.html
Page Found: http://www.100bit.co.in/yonetim.asp
Page Found: http://www.100bit.co.in/phpmyadmin/
Page Found: http://www.100bit.co.in/myadmin/
Page Found: http://www.100bit.co.in/ur-admin.php
Page Found: http://www.100bit.co.in/ur-admin.asp
Page Found: http://www.100bit.co.in/ur-admin/
Page Found: http://www.100bit.co.in/Server.php
Page Found: http://www.100bit.co.in/Server.asp
Page Found: http://www.100bit.co.in/Server/
Page Found: http://www.100bit.co.in/wp-admin/
Page Found: http://www.100bit.co.in/administr8.php
Page Found: http://www.100bit.co.in/administr8/
Page Found: http://www.100bit.co.in/administr8.asp
Page Found: http://www.100bit.co.in/webadmin/
Page Found: http://www.100bit.co.in/webadmin.php
Page Found: http://www.100bit.co.in/admins/
Page Found: http://www.100bit.co.in/administratie/
Page Found: http://www.100bit.co.in/admins.php
Page Found: http://www.100bit.co.in/admins.asp
Page Found: http://www.100bit.co.in/webadmin.asp
Page Found: http://www.100bit.co.in/Database_Administration/
Page Found: http://www.100bit.co.in/useradmin/
Page Found: http://www.100bit.co.in/sysadmins/
Page Found: http://www.100bit.co.in/admin1/
Page Found: http://www.100bit.co.in/system-administration/
Page Found: http://www.100bit.co.in/administrivia/
Page Found: http://www.100bit.co.in/administrators/
Page Found: http://www.100bit.co.in/pgadmin/
Page Found: http://www.100bit.co.in/staradmin/
Page Found: http://www.100bit.co.in/ServerAdministrator/
Page Found: http://www.100bit.co.in/SysAdmin/
Page Found: http://www.100bit.co.in/administer/
Page Found: http://www.100bit.co.in/directadmin/
Page Found: http://www.100bit.co.in/sys-admin/
Page Found: http://www.100bit.co.in/LiveUser_Admin/
Page Found: http://www.100bit.co.in/typo3/
Page Found: http://www.100bit.co.in/cpanel/
Page Found: http://www.100bit.co.in/panel/
Page Found: http://www.100bit.co.in/cpanel_file/
Page Found: http://www.100bit.co.in/platz_login/
Page Found: http://www.100bit.co.in/rcLogin/
Page Found: http://www.100bit.co.in/autologin/
Page Found: http://www.100bit.co.in/blogindex/
Page Found: http://www.100bit.co.in/support_login/
Page Found: http://www.100bit.co.in/formslogin/
Page Found: http://www.100bit.co.in/meta_login/
Page Found: http://www.100bit.co.in/simpleLogin/
Page Found: http://www.100bit.co.in/manuallogin/
Page Found: http://www.100bit.co.in/loginflat/
Page Found: http://www.100bit.co.in/utility_login/
Page Found: http://www.100bit.co.in/memlogin/
Page Found: http://www.100bit.co.in/showlogin/
Page Found: http://www.100bit.co.in/sub-login/
Page Found: http://www.100bit.co.in/login-redirect/
Page Found: http://www.100bit.co.in/wp-login/
Page Found: http://www.100bit.co.in/dir-login/
Page Found: http://www.100bit.co.in/login1/
Page Found: http://www.100bit.co.in/xlogin/
Page Found: http://www.100bit.co.in/smblogin/
Page Found: http://www.100bit.co.in/login_db/
Page Found: http://www.100bit.co.in/customer_login/
Page Found: http://www.100bit.co.in/UserLogin/
Page Found: http://www.100bit.co.in/acct_login/
Page Found: http://www.100bit.co.in/login-us/
Page Found: http://www.100bit.co.in/bigadmin/
Page Found: http://www.100bit.co.in/project-admins/
Page Found: http://www.100bit.co.in/pureadmin/
Page Found: http://www.100bit.co.in/radmind/
Page Found: http://www.100bit.co.in/phppgadmin/
Page Found: http://www.100bit.co.in/sql-admin/
Page Found: http://www.100bit.co.in/wizmysqladmin/
Page Found: http://www.100bit.co.in/openvpnadmin/
Page Found: http://www.100bit.co.in/ezsqliteadmin/
Page Found: http://www.100bit.co.in/hpwebjetadmin/
Page Found: http://www.100bit.co.in/vadmind/
Page Found: http://www.100bit.co.in/Lotus_Domino_Admin/
Page Found: http://www.100bit.co.in/bbadmin/
Page Found: http://www.100bit.co.in/vmailadmin/
Page Found: http://www.100bit.co.in/adminpro/
Page Found: http://www.100bit.co.in/newsadmin/
Page Found: http://www.100bit.co.in/irc-macadmin/
Page Found: http://www.100bit.co.in/Indy_admin/
Page Found: http://www.100bit.co.in/sshadmin/
Page Found: http://www.100bit.co.in/ccp14admin/
Page Found: http://www.100bit.co.in/banneradmin/
Page Found: http://www.100bit.co.in/phpldapadmin/
Page Found: http://www.100bit.co.in/admin4_account/
Page Found: http://www.100bit.co.in/macadmin/
Page Found: http://www.100bit.co.in/administratoraccounts/
Page Found: http://www.100bit.co.in/admin4_colon/
Page Found: http://www.100bit.co.in/radmind-1/
Page Found: http://www.100bit.co.in/AdminTools/
Page Found: http://www.100bit.co.in/Super-Admin/
Page Found: http://www.100bit.co.in/cmsadmin/
Page Found: http://www.100bit.co.in/phpSQLiteAdmin/
Page Found: http://www.100bit.co.in/cadmins/
Page Found: http://www.100bit.co.in/SysAdmin2/
Page Found: http://www.100bit.co.in/globes_admin/
Page Found: http://www.100bit.co.in/navSiteAdmin/
Page Found: http://www.100bit.co.in/ss_vms_admin_sm/
Page Found: http://www.100bit.co.in/power_user/
Page Found: http://www.100bit.co.in/server_admin_small/
Page Found: http://www.100bit.co.in/logo_sysadmin/
Page Found: http://www.100bit.co.in/system_administration/
Page Found: http://www.100bit.co.in/instadmin/
Page Found: http://www.100bit.co.in/panel-administracion/
Page Found: http://www.100bit.co.in/administratorlogin/
Page Found: http://www.100bit.co.in/memberadmin/
Page Found: http://www.100bit.co.in/bb-admin/
Page Found: http://www.100bit.co.in/adm.asp
Page Found: http://www.100bit.co.in/admin_login.php
Page Found: http://www.100bit.co.in/admin_login.asp
Page Found: http://www.100bit.co.in/adm.php
Page Found: http://www.100bit.co.in/panel-administracion/login.php
Page Found: http://www.100bit.co.in/pages/admin/admin-login.php
Page Found: http://www.100bit.co.in/pages/admin/admin-login.asp
Page Found: http://www.100bit.co.in/pages/admin/
Page Found: http://www.100bit.co.in/panel-administracion/login.asp
Page Found: http://www.100bit.co.in/admincp/login.php
Page Found: http://www.100bit.co.in/acceso.php
Page Found: http://www.100bit.co.in/acceso.asp
Page Found: http://www.100bit.co.in/admincp/login.asp
Page Found: http://www.100bit.co.in/admincp/
Page Found: http://www.100bit.co.in/affiliate.php
Page Found: http://www.100bit.co.in/admincontrol/
Page Found: http://www.100bit.co.in/affiliate.asp
Page Found: http://www.100bit.co.in/adminarea/
Page Found: http://www.100bit.co.in/adm_auth.php
Page Found: http://www.100bit.co.in/adm_auth.asp
Page Found: http://www.100bit.co.in/memberadmin.asp
Page Found: http://www.100bit.co.in/memberadmin.php
Page Found: http://www.100bit.co.in/administratorlogin.asp
Page Found: http://www.100bit.co.in/administratorlogin.php
Page Found: http://www.100bit.co.in/administrators.php
Page Found: http://www.100bit.co.in/modules/admin/
Page Found: http://www.100bit.co.in/siteadmin/
Page Found: http://www.100bit.co.in/administrators.asp
Page Found: http://www.100bit.co.in/siteadmin.asp
Page Found: http://www.100bit.co.in/kpanel/
Page Found: http://www.100bit.co.in/adminsite/
Page Found: http://www.100bit.co.in/siteadmin.php
Page Found: http://www.100bit.co.in/vorod/
Page Found: http://www.100bit.co.in/vorod.php
Page Found: http://www.100bit.co.in/vorod.asp
Page Found: http://www.100bit.co.in/vorud/
Page Found: http://www.100bit.co.in/PSUser/
Page Found: http://www.100bit.co.in/secure/
Page Found: http://www.100bit.co.in/vorud.php
Page Found: http://www.100bit.co.in/adminpanel/
Page Found: http://www.100bit.co.in/vorud.asp
Page Found: http://www.100bit.co.in/webmaster/
Page Found: http://www.100bit.co.in/autologin.php
Page Found: http://www.100bit.co.in/webmaster.asp
Page Found: http://www.100bit.co.in/autologin.asp
Page Found: http://www.100bit.co.in/webmaster.php
Page Found: http://www.100bit.co.in/userlogin.php
Page Found: http://www.100bit.co.in/cmsadmin.php
Page Found: http://www.100bit.co.in/admin_area.asp
Page Found: http://www.100bit.co.in/userlogin.asp
Page Found: http://www.100bit.co.in/admin_area.php
Page Found: http://www.100bit.co.in/cmsadmin.asp
Page Found: http://www.100bit.co.in/security/
Page Found: http://www.100bit.co.in/usr/
Page Found: http://www.100bit.co.in/secret/
Page Found: http://www.100bit.co.in/root/
Page Found: http://www.100bit.co.in/admin/login.asp
Page Found: http://www.100bit.co.in/admin/adminLogin.php
Page Found: http://www.100bit.co.in/admin/login.php
Page Found: http://www.100bit.co.in/moderator.php
Page Found: http://www.100bit.co.in/admin/adminLogin.asp
Page Found: http://www.100bit.co.in/moderator.html
Page Found: http://www.100bit.co.in/moderator/admin.php
Page Found: http://www.100bit.co.in/moderator/login.asp
Page Found: http://www.100bit.co.in/moderator/admin.asp
Page Found: http://www.100bit.co.in/moderator/login.php
Page Found: http://www.100bit.co.in/yonetici.php
Page Found: http://www.100bit.co.in/yonetici.asp
Page Found: http://www.100bit.co.in/0manager/
Page Found: http://www.100bit.co.in/0admin/
Page Found: http://www.100bit.co.in/aadmin/
Page Found: http://www.100bit.co.in/login1asp
Page Found: http://www.100bit.co.in/cgi-bin/loginasp
Page Found: http://www.100bit.co.in/login1php
Page Found: http://www.100bit.co.in/cgi-bin/loginphp
Page Found: http://www.100bit.co.in/login_admin/
Page Found: http://www.100bit.co.in/login_adminphp
Page Found: http://www.100bit.co.in/login_adminasp
Page Found: http://www.100bit.co.in/login_outasp
Page Found: http://www.100bit.co.in/login_outphp
Page Found: http://www.100bit.co.in/login_out/
Page Found: http://www.100bit.co.in/loginok/
Page Found: http://www.100bit.co.in/loginsave/
Page Found: http://www.100bit.co.in/login_userphp
Page Found: http://www.100bit.co.in/login_userasp
Page Found: http://www.100bit.co.in/loginerror/
Page Found: http://www.100bit.co.in/loginsuper/
Page Found: http://www.100bit.co.in/loginphp
Page Found: http://www.100bit.co.in/loginsuperasp
Page Found: http://www.100bit.co.in/loginasp
Page Found: http://www.100bit.co.in/loginsuperphp
Page Found: http://www.100bit.co.in/secrets/
Page Found: http://www.100bit.co.in/logout/
Page Found: http://www.100bit.co.in/super1/
Page Found: http://www.100bit.co.in/logoutphp
Page Found: http://www.100bit.co.in/logoutasp
Page Found: http://www.100bit.co.in/super_indexasp
Page Found: http://www.100bit.co.in/super1php
Page Found: http://www.100bit.co.in/super_indexphp
Page Found: http://www.100bit.co.in/super_loginphp
Page Found: http://www.100bit.co.in/super1asp
Page Found: http://www.100bit.co.in/supermanagerasp
Page Found: http://www.100bit.co.in/supermanagerphp
Page Found: http://www.100bit.co.in/super_loginasp
Page Found: http://www.100bit.co.in/supermanphp
Page Found: http://www.100bit.co.in/supermanasp
Page Found: http://www.100bit.co.in/supervise/Loginasp
Page Found: http://www.100bit.co.in/superuserasp
Page Found: http://www.100bit.co.in/superuserphp
Page Found: http://www.100bit.co.in/supervise/Loginphp
Page Found: http://www.100bit.co.in/supervise/
Page Found: http://www.100bit.co.in/superasp
Page Found: http://www.100bit.co.in/superphp

nice site .. i like your trap Grin

page found but all of them is " 302 Moved Temporarily "

http://www.100bit.co.in/root/ OK
http://www.100bit.co.in/admin/ OK
http://www.100bit.co.in/common 200 OK Shocked

this is place your template ... right ? but is moved Shocked

Analyzing http://www.100bit.co.in/*/ with defined injection point
Injecting into defined injection point by user
Host IP: 104.28.29.49
Web Server: cloudflare-nginx

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: CoinFriend on April 28, 2015, 06:43:00 AM

Quote from: 100bitcoin on April 27, 2015, 05:29:01 PM

Quote from: CoinFriend on April 27, 2015, 01:08:01 PM

hey admin, why do you have two different threads?

why is no information about the BETA status on your website?

and why do you provide so less information about your site.

why you didn't answer my questions personally on the other thread?
https://bitcointalksearch.org/topic/looking-for-active-traders-985796

Extremely sorry for the delay. We were little busy in providing support on the site. We have replied to you in the Active Trader thread as well. This one is for bug bounty. So, there are 2 different threads. Thank you for your interest.

thanks for reply.
I am a little bit confused now. I don't understand why you didn't offer the same reward for the active traders, for finding bugs. Does someone who is active not deserve a reward if he found something wrong?

And why is there no information / link about the other thread on each?
Are this both really the only two? Or is there also one where you explain how your site works and what i can do with your site?
I like to know this information before i fill out register form on a site!

And yeah, i understand that you must be busy if you have to manage two threads to support your site^^
Later i have look what you reply in the Active Trader thread as well...

1. Of course traders may find bug and we appreciate that. But, we have some forum structure here where different sub-forum has different significance. Bug bounty does not go for Trading Discussion. So we posted it here. Traders can easily participate here.

2. You are correct indeed. We might do cross-linking for more exposure. You will also find our service announcement thread in our signature only. How things work on www.100bit.co.in is on the home page only. Just click on the Click to learn more about 100bit.co.in link on the home page. In future we have plan for video tutorial as well.

3. I was not busy on these 2 threads. I was busy on the site support.

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: MoonOfLife on April 27, 2015, 08:31:11 PM

Quote from: 100bitcoin on April 27, 2015, 05:19:49 PM

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

suggestion

> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________

for bug .. i think its doesnt bug in your site again

Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug.

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

ask

03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA

what is that it show up after in password after write captcha your site say " please copy this ... "

Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser.

sorry i forget screenshot
browser :UcBrowser [ mobile browser ]
and can u add :
> converter btc to any currency
> and currency BTC to $ graph

i will very thx if you donate me / pay me for some btc
1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd

It is good if you can recreate the situation, take a screenshot and post. If it is found to be a bug, u might win a small bounty.

Albert Hamilton

full member

Activity: 128

Merit: 100

Quote from: GiocareHost on April 28, 2015, 09:21:29 AM

Quote from: Albert Hamilton on April 28, 2015, 05:53:21 AM

Quote from: GiocareHost on April 27, 2015, 04:42:04 AM

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).

I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt.

They have a basic Plan of cloudflare,which couldn't protect them if I use iframe.

I'm under attack mode is available under free plan only. Moreover they initially had a CAPTCHA on the home page as well as you'll find in the screenshot in OP. May be they are not using it right now for some reason...

GiocareHost

sr. member

Activity: 266

Merit: 250

Quote from: Albert Hamilton on April 28, 2015, 05:53:21 AM

Quote from: GiocareHost on April 27, 2015, 04:42:04 AM

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).

I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt.

They have a basic Plan of cloudflare,which couldn't protect them if I use iframe.

CoinFriend

sr. member

Activity: 266

Merit: 250

support.

Quote from: 100bitcoin on April 27, 2015, 05:29:01 PM

Quote from: CoinFriend on April 27, 2015, 01:08:01 PM

hey admin, why do you have two different threads?

why is no information about the BETA status on your website?

and why do you provide so less information about your site.

why you didn't answer my questions personally on the other thread?
https://bitcointalksearch.org/topic/looking-for-active-traders-985796

Extremely sorry for the delay. We were little busy in providing support on the site. We have replied to you in the Active Trader thread as well. This one is for bug bounty. So, there are 2 different threads. Thank you for your interest.

thanks for reply.
I am a little bit confused now. I don't understand why you didn't offer the same reward for the active traders, for finding bugs. Does someone who is active not deserve a reward if he found something wrong?

And why is there no information / link about the other thread on each?
Are this both really the only two? Or is there also one where you explain how your site works and what i can do with your site?
I like to know this information before i fill out register form on a site!

And yeah, i understand that you must be busy if you have to manage two threads to support your site^^
Later i have look what you reply in the Active Trader thread as well...

Albert Hamilton

full member

Activity: 128

Merit: 100

Quote from: GiocareHost on April 27, 2015, 04:42:04 AM

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).

I wonder how do u brute-force here ? They are behind CloudFlare. Your loop wont work from browser/iframe/command prompt.

MoonOfLife

sr. member

Activity: 714

Merit: 253

Quote from: 100bitcoin on April 27, 2015, 05:19:49 PM

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

suggestion

> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________

for bug .. i think its doesnt bug in your site again

Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug.

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

ask

03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA

what is that it show up after in password after write captcha your site say " please copy this ... "

Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser.

sorry i forget screenshot
browser :UcBrowser [ mobile browser ]
and can u add :
> converter btc to any currency
> and currency BTC to $ graph

i will very thx if you donate me / pay me for some btc
1JxXDzcnWk1sMR1JiG2agZeELEa6g95pXd

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: CoinFriend on April 27, 2015, 01:08:01 PM

hey admin, why do you have two different threads?

why is no information about the BETA status on your website?

and why do you provide so less information about your site.

why you didn't answer my questions personally on the other thread?
https://bitcointalksearch.org/topic/looking-for-active-traders-985796

Extremely sorry for the delay. We were little busy in providing support on the site. We have replied to you in the Active Trader thread as well. This one is for bug bounty. So, there are 2 different threads. Thank you for your interest.

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

suggestion

> add photo profile in seting
> change dashboard [ because your dashnboard is doesnt interesting ]
> add new feature on your site [ like forum on your site ]
> can sell LTC
> enable contac seller for discount or anything *lol
_________

for bug .. i think its doesnt bug in your site again

Thank you for the suggestions. You can already sell LTC and communicate with seller when the order is in progress. Nice to know that you did not find any bug.

Quote from: MoonOfLife on April 27, 2015, 01:12:35 AM

ask

03AHJ_Vuu3FUG45V4jKXui9Csz8rHSgdjqULKk9jIt71lGp1uyeoCJXG8QVr0TBcwRqRA0pjJkJMkXo l2rVc-ahk5Ojl1hzcZ9G0r0MPkvePeJd_AueZwA7wgmcTKhAC039YtGTPiytye6hYJlRRwBt9xSCUG4zO3D7i0aXikE9e64ojGloq7f_Pz-3GWEfxeKgKzvZlVWcCSL078cHcO35cWhgczdocyLm8TgCqxAJdurAAf8N73J9tmQNZgm-9nFyaNtwS2ptNS_kjlbzuMohpV4fcm8tgu1CA

what is that it show up after in password after write captcha your site say " please copy this ... "

Can you please provide a screenshot of this ? Also, please let us know when you are getting this and in which browser.

100bitcoin

sr. member

Activity: 860

Merit: 423

Quote from: GiocareHost on April 27, 2015, 04:42:04 AM

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC

Please note that, maximum payment you may receive is 0.1BTC and you need to provide explanation of your bugs. We have sent you PM regarding this.

Albert Hamilton

full member

Activity: 128

Merit: 100

Quote from: CoinFriend on April 27, 2015, 01:08:01 PM

hey admin, why do you have two different threads?

why is no information about the BETA status on your website?

and why do you provide so less information about your site.

why you didn't answer my questions personally on the other thread?
https://bitcointalksearch.org/topic/looking-for-active-traders-985796

As I can see, the registration page clearly says that the site is in BETA...

www.100bit.co.in/register.php

Victor Beckham

full member

Activity: 243

Merit: 100

Quote from: GiocareHost on April 27, 2015, 04:42:04 AM

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC

LoLz... according to OP, you may get up to 0.1BTC. It is not 0.1BTC per bug. Check about the others who got paid before you. They found more bugs than you have found.

CoinFriend

sr. member

Activity: 266

Merit: 250

support.

hey admin, why do you have two different threads?

why is no information about the BETA status on your website?

and why do you provide so less information about your site.

why you didn't answer my questions personally on the other thread?
https://bitcointalksearch.org/topic/looking-for-active-traders-985796

GiocareHost

sr. member

Activity: 266

Merit: 250

I HAVE A BUG TO REPORT.
1.)Your website is vulnerable to Brute-force attack,since the login form is not asking for Captcha's(No captcha on the home page Login Box).
2.)Registration form without CSRF protection.
3.)Session cookie is without Secure flag set & HTTP only flag set.
4.)Vulnerable to Click jacking.
In total I have detected 4 Major bugs which can be very harmful for your site.
I can explain them to you,if you want.
I hope you will not break your promise and send me 0.4 BTC to 1FzWfTTy8YCh1fRBBZ9Fuyym85Xoe4qYL8
add one more bug,
user details are transmitted over an unencrypted channel.
That makes it 0.5BTC

Topic: [100bit.co.in] Earn up to 0.1 BTC for finding bugs (Read 7135 times)