Author

Topic: Coindice [Warning] + Free Download (Read 1897 times)

full member
Activity: 168
Merit: 100
May 05, 2014, 01:22:13 AM
#14
this script is ridiculous and yes johnny does make new admin accounts and drains wallets happened to a few people and when they confronted him he just kept deleting thier posts in his thread, use at your own risk, dont ever forget SSL and dont just remove the install folder, remove the admin panel unless its being used, or create your own.
newbie
Activity: 4
Merit: 0
May 04, 2014, 11:44:31 PM
#13
Anyone got a download link that works for this? If so please PM me it.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
April 29, 2014, 07:17:10 PM
#12
I never heard of this script. But I am a security researcher, if you want me to check this script, you can send it to me. We can agree on bounty per security bug only if I find some. Even the owner of the script can contact me I guess. In the end I will however not guarantee that it's 100% safe, but it should be possible to check it all code.
full member
Activity: 164
Merit: 100
jld.kr - Cryptocurrency Web Development !
April 29, 2014, 11:32:06 AM
#11
Asked Dogemogul to fix my sites. still coins got withdrawn by attacker.
hero member
Activity: 546
Merit: 501
April 28, 2014, 04:02:48 PM
#10
I'm working on it too.. BTW your link is dead, but I managed to grab the copies of CoinDice 2.0 and CoinWheel 1.0 a while back when you posted it. If anyone wants, PM me and I'll give you links. I'm not too concerned with Johny getting upset about it, I've heard the stories of extra admin accounts getting added, wallets emptied. I don't think that's a bug, but a "feature", lol.

I'd like to collaborate to get CoinDice and even CoinWheel fixed up and secure. I'm sick of all the malware and scams floating around, let's do something about it.



Edit: I'm still learning PHP and SQL but it kinda looks to me like there's a few ways to elevate yourself to admin privs in the script.. in /admin/login.php, /admin/pages/admins.php  and /admin/ajax/edit_admin.php

And also what's up with the install script, it inserts an admin with what I'm assuming is a hash for the PW into the table.. I thought the admin account is made through the form in the script.. Haven't gotten as far as installing it on my test server. Betting it inserts that admin account, then you make your own, leaving a door for the author. I'm not sure about some of those other instances that update the admins table, not sure if the case is if the login is empty then it makes you an admin or it makes admin out of a regular authenticated user.. It's a bit tricky and I'm having a difficult time sorting out what should be there from what shouldn't. Unless Dogemogul can provide some fixed code or a good point of reference my only option is trial and error.. lots of it. Ugh.

Any help would be awesome.
newbie
Activity: 32
Merit: 0
April 20, 2014, 01:06:53 AM
#9
No, the coindice script developed by johnny is full of bugs/holes/security issues. in which i have fixed
sr. member
Activity: 390
Merit: 250
April 20, 2014, 12:45:36 AM
#8
Is there anything good with this script? I don't remember reading any positive feedback, only that it's full of flaws and people loosing money from their wallets
newbie
Activity: 32
Merit: 0
April 18, 2014, 05:29:24 PM
#7
I almost understood what you were saying
hero member
Activity: 952
Merit: 513
April 18, 2014, 02:42:15 PM
#6
"And that's why there are patents, and why patents trolls go."
newbie
Activity: 32
Merit: 0
April 18, 2014, 02:27:02 PM
#5
So your saying some css boxes and a case switch is so difficult... that no one could possibly have done that on their own?
hero member
Activity: 952
Merit: 513
April 18, 2014, 02:19:47 PM
#4
Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
Imitation ? Or you just did a copy / paste ?
newbie
Activity: 32
Merit: 0
April 18, 2014, 02:16:29 PM
#3
Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
hero member
Activity: 952
Merit: 513
April 18, 2014, 01:01:31 PM
#2
Fail !
all you "may" "done" would be copying and "fixing" "holes".
Buy some design skills and we may talk later.
newbie
Activity: 32
Merit: 0
April 18, 2014, 12:59:01 PM
#1
For those of you using johnny's please be warned..

All current websites using his script have been "hacked" or lost all their coins. It's pretty ridiculous how people still keep
buying his script when even the DEMO he uses isn't working..

For security purposes please download and view his script before purchasing so you can actually see how many
"holes" there are.

-Unadultered Coindice Script-

THIS IS FOR SECURITY TESTING ONLY Wink

https://mega.co.nz/#!SR5z0DRI!ErS5-UtscChLsH6Ldm2-YvnBmJXU2PBo-xsYUENJDI0

(if you believe this is a virus or what not, it's just a ton of php files you can view/modify)

If you wish to install this please redo the following files, they are full of bugs not fixed in any version of coindice (even 3.2?)
../content/cron/check_deposits.php
../content/ajax/withdraw.php
../content/ajax/place.php
../index.php
../admin/(all the files in the admin folder, he's pretty sneaky)

Jump to: