Announcement:
Critical bug has been repaired with version 1.4
v1.4 CHANGELOG
- Layout fixed
- Code improvements
- Minor bugs fixed
- Negative withdraw bug fixed
- Double withdrawal bug fixed
Please PM me for update.
Topic: CoinJack - start your own blackjack casino! - page 12. (Read 36758 times)
"so your customization is not needed"
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
Solution is adding this line above mentioned line:
Code:
$settings=mysql_fetch_array(mysql_query("SELECT * FROM `system` WHERE `id`=1 LIMIT 1"));
This will solve 2 problems in one. This exactly will be included in text release. We're still waiting for double withdrawals solution (which CryptoTV posted) so we do recommend stop all your casinos until this bug is solved.
Got it. That is a better solution.
"so your customization is not needed"
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
Solution is adding this line above mentioned line:
Code:
$settings=mysql_fetch_array(mysql_query("SELECT * FROM `system` WHERE `id`=1 LIMIT 1"));
This will solve 2 problems in one. This exactly will be included in next release. We're still waiting for double withdrawals solution (which CryptoTV posted) so we do recommend stop all your casinos until this bug is solved.
"so your customization is not needed"
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
So your advising everyone to wait on the latest update and remain vulnerable to this exploit? For now, I will use (double)$_GET['amount'] < 0 as a fail-safe.
I was able to isolate and correct the negative withdraw exploit bug last night. This problem impacts all your software.
Update content/ajax/_withdraw.php
Replace line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
With Line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount'] < 0 || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
The developer really should look into PDO vs mysql_real_escape_string() to better cage SQL queries.
Donations accepted: 1QBvqa2E7AAMb6jpn6UxobaKNf4CvXy1U3
www.worldcoin.ninja
Update content/ajax/_withdraw.php
Replace line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
With Line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount'] < 0 || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
The developer really should look into PDO vs mysql_real_escape_string() to better cage SQL queries.
Donations accepted: 1QBvqa2E7AAMb6jpn6UxobaKNf4CvXy1U3
www.worldcoin.ninja
The problem is actualy in this: (double)$_GET['amount']<$settings['min_withdrawal'] because variable $settings is not defined (and $settings['min_withdrawal'] would otherwise be protected against negative value so your customization is not needed). This is fixed already and waiting for next script release. However we are talking about another bug which needs to be fixed yet.
Thanks anyway
I was able to isolate and correct the negative withdraw exploit bug last night. This problem impacts all your software.
Update content/ajax/_withdraw.php
Replace line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
With Line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount'] < 0 || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
The developer really should look into PDO vs mysql_real_escape_string() to better cage SQL queries.
Donations accepted: 1QBvqa2E7AAMb6jpn6UxobaKNf4CvXy1U3
www.worldcoin.ninja
Update content/ajax/_withdraw.php
Replace line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
With Line:
if (!is_numeric($_GET['amount']) || (double)$_GET['amount'] < 0 || (double)$_GET['amount']>$player['balance'] || (double)$_GET['amount']<$settings['min_withdrawal']) {
The developer really should look into PDO vs mysql_real_escape_string() to better cage SQL queries.
Donations accepted: 1QBvqa2E7AAMb6jpn6UxobaKNf4CvXy1U3
www.worldcoin.ninja
CryptoTV, I've sent you PM. Please respond as soon as possible so I can know what exactly happened.
Sales has been stopped until this is solved. .. fixed in 1.4. Sales are restored.
Johny
Johny
what is the damage in btc?
Welp guys, dont buy this script. Just got hacked, all my wallets just got wiped.
The dude made fake deposits and then real withdraws.
I assume your TOS on refunding wiped coins from hacks applies to my situation. I would recomend anyone who has bough this script to move your coins asap until this is fixed.
One of the 4 sites had the updated 1.2 Coinjack so the bug in the current version also.
The dude made fake deposits and then real withdraws.
I assume your TOS on refunding wiped coins from hacks applies to my situation. I would recomend anyone who has bough this script to move your coins asap until this is fixed.
One of the 4 sites had the updated 1.2 Coinjack so the bug in the current version also.
CoinJack 1.2 just released. All bugs has been fixed.
Buyers PM me for update.
Buyers PM me for update.
double down and splits are still not giving players the correct win amount. As this is a game breaking bug, we need to get this straightened out right away.
for now I am glad I didnt buy the script. those bugs shouldnt be there.
CoinJack 1.2 just released. All bugs has been fixed.
Buyers PM me for update.
Buyers PM me for update.
double down and splits are still not giving players the correct win amount. As this is a game breaking bug, we need to get this straightened out right away.
CoinJack 1.2 just released. All bugs has been fixed.
Buyers PM me for update.
Buyers PM me for update.
When should we expect an updated version? Thanks!
The dev has been sick the past few days (so has many other people). He just replied back to me and should be taking a look at the bugs that was found. He was super quick with fixing the other bugs I've found so I'm guessing he will be no different this time and should have a solution for this issue quickly.
Was the deposit issue fixed? I was up for a few hours was working fine, then just stopped working.
Yea have been having the same issue. I'm sure the devs are looking into it as it is happening to everyone who has the script I think.
Ok guys thank you all for bug reports. Tomorrow will be released new version with fixes, we're currently working on it.
Johny
Johny
When should we expect an updated version? Thanks!
also can you look into this CSS bug. this is not my SS but it does this also when I load the game in Firefox.
The card totals are showing up above and below the left side menus.
Also, notice how many suits are not the correct color? heheh 6 out of 7
When should we expect an updated version? Thanks!
The dev has been sick the past few days (so has many other people). He just replied back to me and should be taking a look at the bugs that was found. He was super quick with fixing the other bugs I've found so I'm guessing he will be no different this time and should have a solution for this issue quickly.
New bug Report.
Hey hands with double down are not paying out correctly. for example, my balance is 10, my bet is 1, I double down so my balance is now 8. If I win that hand, my balance becomes 10 instead of 12.
this is pretty big. please fix it soon.
Also, not as important but I just noticed it. Sometimes the card suits are the wrong color. A diamond will be black or a spade will be red that kinda thing.
Hey hands with double down are not paying out correctly. for example, my balance is 10, my bet is 1, I double down so my balance is now 8. If I win that hand, my balance becomes 10 instead of 12.
this is pretty big. please fix it soon.
Also, not as important but I just noticed it. Sometimes the card suits are the wrong color. A diamond will be black or a spade will be red that kinda thing.
just my 2 cents for the BJ. the player should get the first card then the house etc., your script it is vice versa.
Yes, Blackjack is played right-to-left then dealer.
thanks for confirming it. interesting that buyers of the script are not complaining about that important point. did someone check the provably fair? is it?
Important? It's just order of getting cards, winning odds are same.
LOL! sorry for that, but this answer shows that You are an excellent script coder but no clue about gambling and rules. why are you changing the rules of this old game. no need to invent the wheel again. the house gives the 1st card to the player and so on. easy as that. I just wanted to be helpful.
Ok, sorry about my ignorance and thank you for letting us know, I just didn't think it's so important, but I'm going to correct it in the next version. Thanks again.
Johny
Yes, it looks weird when the dealer gets the first card. I know it's not stats changing but very much an important part of how card games work. The person left of dealer gets the first card. This will be more important for multi player blackjack.
BUG REPORT!
Deposits not showing up to players accounts but are showing up in the wallet.
Two players have confirmed and I have tested it on a few accounts.
Don't know what the issue is but has been working great for a few days and now deposits are not showing up in players accounts.
Player accounts are being built, manual credit is still good so I can give them what they deposited but only withdraws are showing up and no more deposits.
Deposits not showing up to players accounts but are showing up in the wallet.
Two players have confirmed and I have tested it on a few accounts.
Don't know what the issue is but has been working great for a few days and now deposits are not showing up in players accounts.
Player accounts are being built, manual credit is still good so I can give them what they deposited but only withdraws are showing up and no more deposits.
PM sent.
PM sent, let me know when you need anything.
Jump to: