Topic: [100bit.co.in] Earn up to 0.1 BTC for finding bugs - page 6. (Read 7137 times)
Only include a captcha on that "Create a New Support Ticket" section, and your site will be ready for the launch.
mmh no the website is vulnerable to XSS and SQL injection
Ok, i finish the test and here is the report.
First of all, congrats for your site. Have a great looking.
I just create a account, got 1 mail for the verification, and after that got another mail with the user to login, The register and login system work great.
I take a look to the different pages on your site and only found one problem:
You don't have catcha in the ticket "Create a New Support Ticket":
http://i57.tinypic.com/2j2eovl.png
If i use the next code, i can auto post a ticket;
And that mean i can send you 1000 tickets if i want with a script. And was thinking in do it, but better report it here
At the same time, i test your site with nikto to find some vulns, but you dont have any vuln. there.
Only include a captcha on that "Create a New Support Ticket" section, and your site will be ready for the launch.
First of all, congrats for your site. Have a great looking.
I just create a account, got 1 mail for the verification, and after that got another mail with the user to login, The register and login system work great.
I take a look to the different pages on your site and only found one problem:
You don't have catcha in the ticket "Create a New Support Ticket":
If i use the next code, i can auto post a ticket;
Code:
VERSION BUILD=8920312 RECORDER=FX
TAB T=1
URL GOTO=http://www.100bit.co.in/support.php
TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:frmsearch ATTR=NAME:adtitle CONTENT=test01
TAG POS=1 TYPE=TEXTAREA FORM=NAME:frmsearch ATTR=NAME:ticket_desc CONTENT=test0011
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:frmsearch ATTR=NAME:ticket
And that mean i can send you 1000 tickets if i want with a script. And was thinking in do it, but better report it here
At the same time, i test your site with nikto to find some vulns, but you dont have any vuln. there.
Code:
[usr@localhost ~]$ nikto -h www.100bit.co.in
- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 104.28.28.49
+ Target Hostname: www.100bit.co.in
+ Target Port: 80
+ Start Time: 2015-04-04 10:22:52 (GMT-6)
---------------------------------------------------------------------------
+ Server: cloudflare-nginx
+ Cookie __cfduid created without the httponly flag
+ Uncommon header 'cf-ray' found, with contents: 1d1e5ac1ed8d1431-LAX
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server banner has changed from 'cloudflare-nginx' to '-nginx' which may suggest a WAF, load balancer or proxy is in place
+ 4197 items checked: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2015-04-04 10:28:24 (GMT-6) (332 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
[usr@localhost ~]$
Only include a captcha on that "Create a New Support Ticket" section, and your site will be ready for the launch.
I'm testing the site now, if i found something i will let you know.
Thanks. The more people join, the better the testing will be. One needs to pick up order placed by another.
congracts for your site..
any joining bonus??
any joining bonus??
Sorry... no joining bonus as such.
This is not a bug but it is incredibly annoying to register and login, why dont you just let people chose their username instead of sending an email to confirm registration and then another email with your id wich is only numbers ?
Sorry about the annoyance. It was in fact done on purpose not to create user id for those who puts in wrong email id for spamming. But, thank you for pointing it out. Feel free to point out anything else that might appear to be annoying to you. If we can change that, we will definitely do.
This is not a bug but it is incredibly annoying to register and login, why dont you just let people chose their username instead of sending an email to confirm registration and then another email with your id wich is only numbers ?
congracts for your site..
any joining bonus??
any joining bonus??
Hello, from 100bit.co.in. This is a new platform allowing buyers and sellers to directly exchange FIAT and Alt coins with each other against bitcoin. It is free to join the platform and exchange cost per trade is 0.1% of the trade amount. We announced start of our work in March 22, 2014 and now our BETA platform is ready. At this moment we are looking for some public testing to find some bugs that we might have missed.
Please follow this link & register => www.100bit.co.in/register.php
Please note that, right now, we are in early BETA. Also https is not yet implemented. So, it is recommended NOT to trade big volume for now. If your country/currency is not in the list on registration page, please inform us here. Your feedback for any improvement is highly appreciated.
Please follow this link & register => www.100bit.co.in/register.php
Please note that, right now, we are in early BETA. Also https is not yet implemented. So, it is recommended NOT to trade big volume for now. If your country/currency is not in the list on registration page, please inform us here. Your feedback for any improvement is highly appreciated.
I'm testing the site now, if i found something i will let you know.
Hello, from 100bit.co.in. This is a new platform allowing buyers and sellers to directly exchange FIAT and Alt coins with each other against bitcoin. It is free to join the platform and exchange cost per trade is 0.1% of the trade amount. We announced start of our work in March 22, 2014 and now our BETA platform is ready. At this moment we are looking for some public testing to find some bugs that we might have missed. Please note that, merely mentioning a few bug wont earn you any bounty. You need to explain with example in PM and payment will be disbursed only after bugs are fixed.
Some people have already received payment for finding bugs: https://bitcointalksearch.org/topic/m.11041920
Please follow this link & register => www.100bit.co.in/register.php
Please note that, right now, we are in early BETA. Also https is not yet implemented. So, it is recommended NOT to trade big volume for now. If your country/currency is not in the list on registration page, please inform us here. Your feedback for any improvement is highly appreciated.
Some people have already received payment for finding bugs: https://bitcointalksearch.org/topic/m.11041920
Please follow this link & register => www.100bit.co.in/register.php
Please note that, right now, we are in early BETA. Also https is not yet implemented. So, it is recommended NOT to trade big volume for now. If your country/currency is not in the list on registration page, please inform us here. Your feedback for any improvement is highly appreciated.
Jump to: