Topic: CoinDice - Start your own dice site today. - page 4. (Read 49645 times)
It seems that the script isn't running properly.Maybe after you fix it there will be more buyers.I personally am interested in it but you have to sort things out first so I can be more assured that there won't be any problems.
Found a rather interesting string in HTML on the demo server..
Really this could be exploited.... You should look into obfuscated code,
Someone doing some "deep" digging into this would find the exploit..
I am running some tests and will post the results...
Quote
| INTERESTING STRINGS IN HTML
|
| small>Password:
| button onclick=\"javascript:passwd_protect();return false;\" style=\"padding: 4px;\">Set Password
| img src="content/images/ajax_loader.gif">'); withdrawing=true; _requestWithdraw(w_amount,w_valid); } else { alert('One of required fields stayed empty!'); } } } }); return false; } function passwd_protect() { pass=prompt('Password:'); if (pass!=null && confirm('Your pasword: '+pass+'\nDo you really want to protect your URL with this password?')) { $.ajax({ 'url': './content/ajax/protect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z&pass='+pass, 'dataType': "json", 'success': function(data) { alert('New password has been saved. Your unique URL is now password protected!'); window.location.href='./'; } }); } } function passwd_unprotect() { if (confirm('Do you really want to remove password protection from your unique URL?')) { $.ajax({ 'url': './content/ajax/unprotect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { alert('Your URL password protection has been successfuly removed!'); window.location.href='./'; } }); } } function _changeAlias(alias) { if (alias!=null && alias!='') { $.ajax({ 'url': './content/ajax/change_alias.php?alias='+alias+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { if (data['error']=='no') $("#alias_sp").html(alias); else alert(data['content']); } }); } else if (alias=='') alert('Invalid value!'); } function tm_interval_content_(con) { $.ajax({ 'url': './content/ajax/_stats_load.php?con='+con+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { $("#all.stats #content").html(data['content']); $("#content.stats_switcher a.current").removeClass('current'); $("#content.stats_switcher a#_st_"+con).addClass('current'); } }); if (con!='giveaway' && con!='chat' && con!='stats') timeout_=setTimeout("tm_interval_content_('"+con+"')",1000); } function _stats_content(con) { if (typeof(timeout_)!='undefined') { clearTimeout(timeout_); } tm_interval_content_(con); } var lastClaimed=(Date.now()-(60*1000)-1000); function claim(captcha) { if (lastClaimed
| span id='passwd_sp'>
| img src="content/images/ajax_loader.gif">'); withdrawing=true; _requestWithdraw(w_amount,w_valid); } else { alert('One of required fields stayed empty!'); } } } }); return false; } function passwd_protect() { pass=prompt('Password:'); if (pass!=null && confirm('Your pasword: '+pass+'\nDo you really want to protect your URL with this password?')) { $.ajax({ 'url': './content/ajax/protect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z&pass='+pass, 'dataType': "json", 'success': function(data) { alert('New password has been saved. Your unique URL is now password protected!'); window.location.href='./'; } }); } } function passwd_unprotect() { if (confirm('Do you really want to remove password protection from your unique URL?')) { $.ajax({ 'url': './content/ajax/unprotect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { alert('Your URL password protection has been successfuly removed!'); window.location.href='./'; } }); } } function _changeAlias(alias) { if (alias!=null && alias!='') { $.ajax({ 'url': './content/ajax/change_alias.php?alias='+alias+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { if (data['error']=='no') $("#alias_sp").html(alias); else alert(data['content']); } }); } else if (alias=='') alert('Invalid value!'); } function tm_interval_content_(con) { $.ajax({ 'url': './content/ajax/_stats_load.php?con='+con+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { $("#all.stats #content").html(data['content']); $("#content.stats_switcher a.current").removeClass('current'); $("#content.stats_switcher a#_st_"+con).addClass('current'); } }); if (con!='giveaway' && con!='chat' && con!='stats') timeout_=setTimeout("tm_interval_content_('"+con+"')",1000); } function _stats_content(con) { if (typeof(timeout_)!='undefined') { clearTimeout(timeout_); } tm_interval_content_(con); } var lastClaimed=(Date.now()-(60*1000)-1000); function claim(captcha) { if (lastClaimed
| i>Each deposit requires confirmation(s) before adding to your account
| /div>", type:"info", opacity:0.8, buttons: [{ value: "Close" }], afterShow:"reloadFaircon()" }); return false; } function account() { $.msgBox({ title:"Account", content:"
| a href="#" onclick="javascript:return account();">ACCOUNT
|
| small>Password:
| button onclick=\"javascript:passwd_protect();return false;\" style=\"padding: 4px;\">Set Password
| img src="content/images/ajax_loader.gif">'); withdrawing=true; _requestWithdraw(w_amount,w_valid); } else { alert('One of required fields stayed empty!'); } } } }); return false; } function passwd_protect() { pass=prompt('Password:'); if (pass!=null && confirm('Your pasword: '+pass+'\nDo you really want to protect your URL with this password?')) { $.ajax({ 'url': './content/ajax/protect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z&pass='+pass, 'dataType': "json", 'success': function(data) { alert('New password has been saved. Your unique URL is now password protected!'); window.location.href='./'; } }); } } function passwd_unprotect() { if (confirm('Do you really want to remove password protection from your unique URL?')) { $.ajax({ 'url': './content/ajax/unprotect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { alert('Your URL password protection has been successfuly removed!'); window.location.href='./'; } }); } } function _changeAlias(alias) { if (alias!=null && alias!='') { $.ajax({ 'url': './content/ajax/change_alias.php?alias='+alias+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { if (data['error']=='no') $("#alias_sp").html(alias); else alert(data['content']); } }); } else if (alias=='') alert('Invalid value!'); } function tm_interval_content_(con) { $.ajax({ 'url': './content/ajax/_stats_load.php?con='+con+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { $("#all.stats #content").html(data['content']); $("#content.stats_switcher a.current").removeClass('current'); $("#content.stats_switcher a#_st_"+con).addClass('current'); } }); if (con!='giveaway' && con!='chat' && con!='stats') timeout_=setTimeout("tm_interval_content_('"+con+"')",1000); } function _stats_content(con) { if (typeof(timeout_)!='undefined') { clearTimeout(timeout_); } tm_interval_content_(con); } var lastClaimed=(Date.now()-(60*1000)-1000); function claim(captcha) { if (lastClaimed
| span id='passwd_sp'>
| img src="content/images/ajax_loader.gif">'); withdrawing=true; _requestWithdraw(w_amount,w_valid); } else { alert('One of required fields stayed empty!'); } } } }); return false; } function passwd_protect() { pass=prompt('Password:'); if (pass!=null && confirm('Your pasword: '+pass+'\nDo you really want to protect your URL with this password?')) { $.ajax({ 'url': './content/ajax/protect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z&pass='+pass, 'dataType': "json", 'success': function(data) { alert('New password has been saved. Your unique URL is now password protected!'); window.location.href='./'; } }); } } function passwd_unprotect() { if (confirm('Do you really want to remove password protection from your unique URL?')) { $.ajax({ 'url': './content/ajax/unprotect_url.php?_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { alert('Your URL password protection has been successfuly removed!'); window.location.href='./'; } }); } } function _changeAlias(alias) { if (alias!=null && alias!='') { $.ajax({ 'url': './content/ajax/change_alias.php?alias='+alias+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { if (data['error']=='no') $("#alias_sp").html(alias); else alert(data['content']); } }); } else if (alias=='') alert('Invalid value!'); } function tm_interval_content_(con) { $.ajax({ 'url': './content/ajax/_stats_load.php?con='+con+'&_unique=1SKNkgGOqVHNiNIlSD4yesGdtyehp34z', 'dataType': "json", 'success': function(data) { $("#all.stats #content").html(data['content']); $("#content.stats_switcher a.current").removeClass('current'); $("#content.stats_switcher a#_st_"+con).addClass('current'); } }); if (con!='giveaway' && con!='chat' && con!='stats') timeout_=setTimeout("tm_interval_content_('"+con+"')",1000); } function _stats_content(con) { if (typeof(timeout_)!='undefined') { clearTimeout(timeout_); } tm_interval_content_(con); } var lastClaimed=(Date.now()-(60*1000)-1000); function claim(captcha) { if (lastClaimed
| i>Each deposit requires confirmation(s) before adding to your account
| /div>", type:"info", opacity:0.8, buttons: [{ value: "Close" }], afterShow:"reloadFaircon()" }); return false; } function account() { $.msgBox({ title:"Account", content:"
| a href="#" onclick="javascript:return account();">ACCOUNT
Really this could be exploited.... You should look into obfuscated code,
Someone doing some "deep" digging into this would find the exploit..
I am running some tests and will post the results...
A message was sent to you, Please see and send answer. 
Is there a easy way to change the website to use fake money instead of bitcoins?
For testing purposes.
For testing purposes.
Yes, you just connect it to Tested enabled wallet when installing.
Is there a easy way to change the website to use fake money instead of bitcoins?
For testing purposes.
For testing purposes.
I just had a look and this is awful code. Why is it all ajax calls? Why you not using websockets?
With even a little load this will bog down. You need to at least have a websocket server for doing all the communications like betting.
Even the chat function is ajax calls. This is bad design!
For 1btc, I suppose there can't be too much expectation. But if you are going to do something, do it right!
Also, don't you think there is already enough dice sites? Why do we need more?
With even a little load this will bog down. You need to at least have a websocket server for doing all the communications like betting.
Even the chat function is ajax calls. This is bad design!
For 1btc, I suppose there can't be too much expectation. But if you are going to do something, do it right!
Also, don't you think there is already enough dice sites? Why do we need more?
its nice to see such a script for sale. Can you easily restrict various locations through the admin panel?
replied in PM. 
its nice to see such a script for sale. Can you easily restrict various locations through the admin panel?
Update 31.5.2015
2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
Did the bug exist in all the three scripts ? I sent you a message 2 days before. Still didn't receive a reply. 2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
Sorry, I have overlooked it somehow. Replied.
No, these bugs concerned only coindice.
Update 31.5.2015
2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
Did the bug exist in all the three scripts ? I sent you a message 2 days before. Still didn't receive a reply. 2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
Update 31.5.2015
2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
2 serious bugs have been analyzed and fixed. Sorry for taking so long. We've been working on in-depth security revision in association with 3rd party and it took some time.
How much for a reskin in green?
It depends how much you want to change it. Can you describe us more your idea?
How much for a reskin in green?
Happy Resurrection Day to all of our customers!
"New Skin Demo" seems to be dead, heads up.
It was down due to actualization to the latest version.. It's up again.
"New Skin Demo" seems to be dead, heads up.
screenshots of this invest option and more details about it.
http://imgur.com/a/ezogS
You can try it on our demo site.
screenshots of this invest option and more details about it.
CoinDice 5 released.
Changelog:
- INVEST FEATURE
- code improvements
Buy on Cointoli for BTC 1.1
Update has been sent to all current buyers automatically. If your email is no longer the same, please leave me PM.
Changelog:
- INVEST FEATURE
- code improvements
Buy on Cointoli for BTC 1.1
Update has been sent to all current buyers automatically. If your email is no longer the same, please leave me PM.
Jump to: