Bitcoin Forum>Economy>Marketplace>Services
Pages:
Author

Topic: [BOUNTY] 0.03 BTC for testing (Read 1584 times)

josef2000
sr. member
Activity: 280
Merit: 250
Bro, you need to try http://dadice.com
[BOUNTY] 0.03 BTC for testing
January 05, 2015, 06:21:18 AM
#31
Quote from: btc_enigma on December 31, 2014, 07:53:34 AM
Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Quote
I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same
I have checked the database you tried to register [email protected], but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of [email protected] can still login with his/her googleplus account
I tried with another email, a gmail.
I successfully registered, but also can login with google plus with that email without the website password. All the informations saved in that account is same as the normal Email account(Wallet-watcher)

Email [email protected]

You need to try to register an gmail-Email. Then register an account with it on your website.
When you try to use Googleplus to login with that email, without even knowing the password of the website.
franckuestein
legendary
Activity: 1960
Merit: 1130
Truth will out!
Re: [BOUNTY] 0.03 BTC for testing
January 04, 2015, 08:09:29 AM
#30
Quote from: btc_enigma on January 04, 2015, 03:57:07 AM
tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46

I think that we didn't found major bugs on the site but @akula999 and me made some suggestions on the code/style and Query's, so maybe a tip could be nice!  Wink
Some browsers detect it as a problem so sending recommendations to you is helping, too  Cheesy
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
January 04, 2015, 03:57:07 AM
#29
tx submitted https://blockchain.info/tx-index/58d836af92faba264da061123a9ff6f1f360dad6af148a546d44dfa15713ec46
whitewhidow
member
Activity: 112
Merit: 10
Re: [BOUNTY] 0.03 BTC for testing
January 03, 2015, 03:23:40 PM
#28
Quote from: btc_enigma on January 01, 2015, 05:22:29 AM
Quote from: hexafraction on December 31, 2014, 01:36:08 PM
Quote from: btc_enigma on December 31, 2014, 07:53:34 AM
Update

xxxxxxxxx  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly Smiley

Sorry, edited

edited, but its still in all your quotes guys ,  lol
hexafraction
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
Re: [BOUNTY] 0.03 BTC for testing
January 03, 2015, 07:27:59 AM
#27
Quote from: btc_enigma on January 03, 2015, 07:09:03 AM
None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty


1G45ku6gQfiNYmPJoFaaMAYD2mx9zq16E

Quote from: btc_enigma on January 03, 2015, 06:55:08 AM
Quote
May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked
Sorry, I didnt get this . Can you elaborate on how this should work?

I think the idea was something along the lines of blockonomics having a private key for multisig and using it to co-sign the transaction with an external key.
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
January 03, 2015, 07:09:03 AM
#26
None reported 3 major bugs.

i am giving 0.01 BTC for major bug to hexafraction,
also giving 0.01 BTC for interesting minor bug to small

Please let me know your bitcoin addresses to claim bounty
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
January 03, 2015, 06:55:08 AM
#25
Quote from: vm_mpn on December 30, 2014, 08:34:58 PM
Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!
thanks, please considering subscribing to our project development thread https://bitcointalksearch.org/topic/ann-address-wallet-watcher-blockonomics-880995. You can follow updates to our site here.
Quote
May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked
Sorry, I didnt get this . Can you elaborate on how this should work?
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
January 01, 2015, 05:22:29 AM
#24
Quote from: hexafraction on December 31, 2014, 01:36:08 PM


Please don't post my email directly Smiley

Sorry, edited
hexafraction
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
Re: [BOUNTY] 0.03 BTC for testing
December 31, 2014, 01:36:08 PM
#23
Quote from: btc_enigma on December 31, 2014, 07:53:34 AM
Update

hexafraction AT gmail DOT com  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Please don't post my email directly Smiley
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
December 31, 2014, 07:53:34 AM
#22
Update

hexafraction  has found a major security flaw, he has registered and activated account with emailid field containing multiple fields separated by comma.

I will wait few more days for someone to report any more major bugs

Quote
I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same
I have checked the database you tried to register [email protected], but were not able to activate it because you don't own the email id. So even if you register no harm done. Real owner of [email protected] can still login with his/her googleplus account
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
December 31, 2014, 07:46:12 AM
#21
Quote from: franckuestein on December 30, 2014, 09:14:47 PM
@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized Wink

Thanks!

Hey thanks, we are still fixing it
franckuestein
legendary
Activity: 1960
Merit: 1130
Truth will out!
Re: [BOUNTY] 0.03 BTC for testing
December 30, 2014, 09:14:47 PM
#20
@btc_enigma, did you solved the scripts pointing to the correct location as well as the scripts references?
Me and a user after my comment reported that problem and I just want to know if everything is ok now and your site is fully optimized Wink

Thanks!
vm_mpn
hero member
Activity: 605
Merit: 500
Re: [BOUNTY] 0.03 BTC for testing
December 30, 2014, 08:34:58 PM
#19
Oh! What a wonderful idea for a service / website. May be you can add some multisig capability where your registered users can login and confirm their wallet transactions in case they are getting hacked. Just thinking out loud. Bravo!
josef2000
sr. member
Activity: 280
Merit: 250
Bro, you need to try http://dadice.com
Re: [BOUNTY] 0.03 BTC for testing
December 30, 2014, 06:18:03 PM
#18
Quote from: btc_enigma on December 30, 2014, 05:07:09 PM
Quote from: btc_enigma on December 14, 2014, 06:32:28 AM
Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)
This is correct, it waits for 2 confirmations. You can see synced till block on dashboard

Thats how hackers could easily get your password.

I cant prove this. you need to try this. just register any gmail account and try. The thing is, that someone, who knows the googleplus email of the victim, can register with the same email of the googleplus account. and the database and information is same
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
December 30, 2014, 05:07:09 PM
#17
Quote from: btc_enigma on December 14, 2014, 06:32:28 AM
Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)
This is correct, it waits for 2 confirmations. You can see synced till block on dashboard
josef2000
sr. member
Activity: 280
Merit: 250
Bro, you need to try http://dadice.com
Re: [BOUNTY] 0.03 BTC for testing
December 30, 2014, 04:04:45 PM
#16
When I do some small configs. THIS HAPPENS... Not going to say how until bounty given. So every hacker can steal the password easily





Password register problem. Not going to say how until bounty given



You can register an already registered google plus account email(e.g [email protected]). when you login, you can access all the data on the google plus account.

e.g some one logged in with [email protected] GOOGLE PLUS. But I can still register ac account with [email protected], which has all the information the google plus account has saved.

Mainly uses public scripts:



Small errors:
Cant go back from register page to homepage without forcing back button.
Always shows balances approx 30 min behind the blockchain in adress watcher (not immidiate update of balance)


akula999
hero member
Activity: 509
Merit: 500
Re: [BOUNTY] 0.03 BTC for testing
December 29, 2014, 09:13:14 PM
#15
slight spelling error - when clicking on login with an incorrect username/password - invalid emailid (no spaces) shows up. Email ID...

Not sizing properly on android and on linux\ubuntu - tolerable Smiley

Script pointing needs a little cleaning

Once you're logged in, there is no way to log out.

Other than that, not bad...
franckuestein
legendary
Activity: 1960
Merit: 1130
Truth will out!
Re: [BOUNTY] 0.03 BTC for testing
December 29, 2014, 03:04:25 PM
#14
Hi @btc_enigma! I was analyzing your site to check everything and know if there are problems and that are my suggestions  Wink

Site have a Javascript problem know as:
TypeError:
undefined is not a function (evaluating '$("input[type='tel']").intlTelInput({ defaultCountry: "auto" })')

You can solve it easily:
  • Make sure you have all the scripts pointing to the correct location in your workspace.
  • Add, jQuery and reference to the scripts after the control.
Remark that you're using jQuery v2.1.1 on your site, just as a reminder  Wink

Check it out everything and seems to be ok, site looks really good!
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
December 29, 2014, 12:02:29 PM
#13
Quote from: BitcoinAddicts on December 29, 2014, 11:55:31 AM
just a suggestion
you should work on your site design
i love your idea behind this
it is a good feature to monitor our wallet transaction with email

Quote from: viriat0 on December 29, 2014, 09:39:28 AM

Good service!

It will be very useful!

Thanks a lot for your support . You can post suggestions  / monitor updates to our service on our project development thread https://bitcointalksearch.org/topic/m.9861010

Cheers !
btc_enigma
hero member
Activity: 692
Merit: 569
Re: [BOUNTY] 0.03 BTC for testing
December 29, 2014, 11:56:25 AM
#12
Quote from: hexafraction on December 29, 2014, 09:35:19 AM
Is there no way to change a password?

Yes, right way there is no way to change password. Only way is to mail administrator to deactivate account, they you can reregister with new password
Pages:
Bitcoin Forum>Economy>Marketplace>Services
Jump to: