Topic: Coindice [Warning] + Free Download (Read 1892 times)

full member
Activity: 168
Merit: 100
May 05, 2014, 02:22:13 AM
#14
This script is ridiculous, and yes, johnny does make new admin accounts and drains wallets. It happened to a few people, and when they confronted him he just kept deleting their posts in his thread. Use at your own risk, don't ever forget SSL, and don't just remove the install folder: remove the admin panel unless it's being used, or create your own.
newbie
Activity: 4
Merit: 0
May 05, 2014, 12:44:31 AM
#13
Anyone got a download link that works for this? If so please PM me it.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
April 29, 2014, 08:17:10 PM
#12
I never heard of this script. But I am a security researcher, if you want me to check this script, you can send it to me. We can agree on bounty per security bug only if I find some. Even the owner of the script can contact me I guess. In the end I will however not guarantee that it's 100% safe, but it should be possible to check all the code.
full member
Activity: 164
Merit: 100
jld.kr - Cryptocurrency Web Development !
April 29, 2014, 12:32:06 PM
#11
Asked Dogemogul to fix my sites. Still, coins got withdrawn by attacker.
hero member
Activity: 546
Merit: 501
April 28, 2014, 05:02:48 PM
#10
I'm working on it too.. BTW your link is dead, but I managed to grab the copies of CoinDice 2.0 and CoinWheel 1.0 a while back when you posted it. If anyone wants, PM me and I'll give you links. I'm not too concerned with Johny getting upset about it, I've heard the stories of extra admin accounts getting added, wallets emptied. I don't think that's a bug, but a "feature", lol.

I'd like to collaborate to get CoinDice and even CoinWheel fixed up and secure. I'm sick of all the malware and scams floating around, let's do something about it.



Edit: I'm still learning PHP and SQL but it kinda looks to me like there's a few ways to elevate yourself to admin privs in the script.. in /admin/login.php, /admin/pages/admins.php and /admin/ajax/edit_admin.php

And also what's up with the install script, it inserts an admin with what I'm assuming is a hash for the PW into the table.. I thought the admin account is made through the form in the script.. Haven't gotten as far as installing it on my test server. Betting it inserts that admin account, then you make your own, leaving a door for the author. I'm not sure about some of those other instances that update the admins table, not sure if the case is if the login is empty then it makes you an admin or it makes admin out of a regular authenticated user.. It's a bit tricky and I'm having a difficult time sorting out what should be there from what shouldn't. Unless Dogemogul can provide some fixed code or a good point of reference my only option is trial and error.. lots of it. Ugh.

Any help would be awesome.
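
A way to triage the question raised in the post above (which code paths write to the admins table, and whether the installer seeds an account with a pre-computed hash), as an added example that is not part of the original thread or the CoinDice code. The table name `admins` and the path `admin/ajax/edit_admin.php` come from the post; the path `install/index.php`, the column names and the sample PHP are constructed assumptions.

```python
import re

# SQL writes against the admins table. The table name comes from the post;
# the real schema is not shown in the thread, so treat it as an assumption.
WRITE_RE = re.compile(
    r"\b(INSERT\s+INTO|UPDATE|DELETE\s+FROM)\s+[`'\"]?(\w*admins)\b",
    re.IGNORECASE,
)
# A quoted 32/40/64-hex-char literal looks like a pre-computed MD5/SHA-1/SHA-256 hash.
HASH_RE = re.compile(r"['\"]([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})['\"]")


def find_admin_writes(sources):
    """Return one finding per SQL write to the admins table.

    sources maps a file path to its PHP source text. Each finding is
    (path, line_number, operation, hardcoded_hash); hardcoded_hash is True
    when the statement carries a literal hash, i.e. a credential that ships
    with the code instead of coming from the site owner's install form.
    """
    findings = []
    for path, text in sorted(sources.items()):
        for match in WRITE_RE.finditer(text):
            # Treat the first ';' after the match as the end of the statement
            # (good enough for triage; every hit still needs a manual read).
            end = text.find(";", match.end())
            statement = text[match.start(): end if end != -1 else len(text)]
            line_number = text.count("\n", 0, match.start()) + 1
            operation = " ".join(match.group(1).upper().split())
            hardcoded = bool(HASH_RE.search(statement))
            findings.append((path, line_number, operation, hardcoded))
    return findings


# Constructed sample input, NOT taken from the CoinDice source.
SAMPLE = {
    "install/index.php": '''<?php
mysql_query("INSERT INTO `admins` (`username`,`passwd`) VALUES "
  . "('support','00112233445566778899aabbccddeeff')");
mysql_query("INSERT INTO `admins` (`username`,`passwd`) VALUES "
  . "('" . $user . "','" . hash('sha256', $pass) . "')");
''',
    "admin/ajax/edit_admin.php": '''<?php
// constructed: a write with no session check in front of it
mysql_query("UPDATE admins SET passwd='$p' WHERE id=$id");
''',
}
```

Every hit is a place to confirm by hand that an authenticated-admin check runs before the query; a hit with `hardcoded_hash` set is an account nobody on the site created. After install, the same question can be asked of the live database by comparing the rows in the admins table against the accounts you made yourself.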
newbie
Activity: 32
Merit: 0
April 20, 2014, 02:06:53 AM
#9
No, the coindice script developed by johnny is full of bugs/holes/security issues, which I have fixed.
sr. member
Activity: 390
Merit: 250
April 20, 2014, 01:45:36 AM
#8
Is there anything good with this script? I don't remember reading any positive feedback, only that it's full of flaws and people losing money from their wallets
newbie
Activity: 32
Merit: 0
April 18, 2014, 06:29:24 PM
#7
I almost understood what you were saying
hero member
Activity: 952
Merit: 513
April 18, 2014, 03:42:15 PM
#6
"And that's why there are patents, and why patents trolls go."
newbie
Activity: 32
Merit: 0
April 18, 2014, 03:27:02 PM
#5
So you're saying some css boxes and a case switch is so difficult... that no one could possibly have done that on their own?
hero member
Activity: 952
Merit: 513
April 18, 2014, 03:19:47 PM
#4
Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
Imitation ? Or you just did a copy / paste ?
newbie
Activity: 32
Merit: 0
April 18, 2014, 03:16:29 PM
#3
Please act like a Sr. Member and don't troll. Thanks
It makes you look so less credible than people would think. Imitation is the best form of flattery so if someone wants to open a site that looks just like yours let them? Isn't it better advertisement for your site?
hero member
Activity: 952
Merit: 513
April 18, 2014, 02:01:31 PM
#2
Fail !
all you "may" "done" would be copying and "fixing" "holes".
Buy some design skills and we may talk later.
newbie
Activity: 32
Merit: 0
April 18, 2014, 01:59:01 PM
#1
For those of you using johnny's please be warned..

All current websites using his script have been "hacked" or lost all their coins. It's pretty ridiculous how people still keep buying his script when even the DEMO he uses isn't working..

For security purposes please download and view his script before purchasing so you can actually see how many "holes" there are.

-Unadulterated Coindice Script-

THIS IS FOR SECURITY TESTING ONLY ;)

https://mega.co.nz/#!SR5z0DRI!ErS5-UtscChLsH6Ldm2-YvnBmJXU2PBo-xsYUENJDI0

(if you believe this is a virus or what not, it's just a ton of php files you can view/modify)

If you wish to install this please redo the following files, they are full of bugs not fixed in any version of coindice (even 3.2?)
../content/cron/check_deposits.php
../content/ajax/withdraw.php
../content/ajax/place.php
../index.php
../admin/(all the files in the admin folder, he's pretty sneaky)