EmpireCoin: Bug bounty program - page 2.

BilalHIMITE

full member

Activity: 159

Merit: 100

Quote from: joey.rich on August 11, 2016, 03:22:28 AM

Quote from: BilalHIMITE on August 10, 2016, 04:13:52 PM

Quote from: KingZee on August 10, 2016, 04:01:36 PM

Quote from: BilalHIMITE on August 10, 2016, 03:55:26 PM

Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.

I've been writing web applications for a long time and certainly understand the risk of SQL injections aka the simplest exploit out there.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE). I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.

15YnqdubKqeq3v7RVaV38Qk7FrvLpvZ5vG

Sended a PM also.

Zoomer

hero member

Activity: 658

Merit: 500

Would it not be a lot cheaper and maybe more safe if you try to hire a professional service for this?

I could be wrong but i think it's really the best and even quicker option since they also offer to fix the issues!

Because what if someone really find a big hole and he will keep it and not tell you, and then use it once there is a lot cash to steal?

Joel_Jantsen

legendary

Activity: 1988

Merit: 1317

Get your game girl

Quote from: KingZee on August 11, 2016, 03:49:04 AM

Well good to know then. There's still an injection in the link I found. My offer still stands if you want to know the link. You also might want to salt or increase the security of the passwords you store, unsalted SHA-256 sent over an unencrypted request is not very secure.

How about I fix that error for you @OP ? I can give you a solution to reject all the external access with the most "easiest" query out there ,like the one mentioned by KInzee.My pen testing tools are on the work!I should report you if I come across any more vulnerabilities!

EDIT : Does ddos attacks counts ?

KingZee

sr. member

Activity: 938

Merit: 452

Check your coin privilege

Quote from: joey.rich on August 11, 2016, 03:22:28 AM

I've been writing web applications for a long time and certainly understand the risk of SQL injections aka the simplest exploit out there.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE). I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.

Well good to know then. There's still an injection in the link I found. My offer still stands if you want to know the link. You also might want to salt or increase the security of the passwords you store, unsalted SHA-256 sent over an unencrypted request is not very secure.

joey.rich

member

Activity: 124

Merit: 16

Quote from: BilalHIMITE on August 10, 2016, 04:13:52 PM

Quote from: KingZee on August 10, 2016, 04:01:36 PM

Quote from: BilalHIMITE on August 10, 2016, 03:55:26 PM

Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.

I've been writing web applications for a long time and certainly understand SQL injections.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE). I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.

BilalHIMITE

full member

Activity: 159

Merit: 100

Quote from: KingZee on August 10, 2016, 04:01:36 PM

Quote from: BilalHIMITE on August 10, 2016, 03:55:26 PM

Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.

KingZee

sr. member

Activity: 938

Merit: 452

Check your coin privilege

Quote from: BilalHIMITE on August 10, 2016, 03:55:26 PM

Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

BilalHIMITE

full member

Activity: 159

Merit: 100

Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

KingZee

sr. member

Activity: 938

Merit: 452

Check your coin privilege

Quote from: joey.rich on August 10, 2016, 03:08:42 PM

Hi KingZee,

I had a problem where my VPS disk was full around the time you posted this, so I suspect that's what could have caused this error message. If it really is a SQL injection and you can demo how to replicate, I can send you 0.2 BTC.

The error wasn't fixed, it's still up, it has nothing to do with your server's disk, it's in the webapp.

This error compromises your whole database, I'm not obliged to give you the injection link, you can spend time and funds to find it yourself, or send me 1 BTC.

joey.rich

member

Activity: 124

Merit: 16

Hi KingZee,

I had a problem where my VPS disk was full around the time you posted this, so I suspect that's what could have caused this error message. If it really is a SQL injection and you can demo how to replicate, I can send you 0.2 BTC.

KingZee

sr. member

Activity: 938

Merit: 452

Check your coin privilege

Asking for 1BTC for this potential SQL injection input :

Send the btc to 1KingZeeW97uLvngcUA3R6QJx18Fn78ddb, or let's use an escrow (My preference : Blazed) so I can send you the link, and the injection syntax and entry point.

joey.rich

member

Activity: 124

Merit: 16

EmpireCoin: Bug Bounty Program

EmpireCoin is an open source gaming & blockchain prediction market platform. For more information about this project, check the following threads:
EmpireCoin pre-announcement
Mock Election 2016
Free game: Red vs Blue

To guarantee the security of this platform, we are offering the following bug bounties:

0.5 BTC - Remove bitcoins from an EmpireCoin.org escrow account.
0.1 - 1 BTC - Demonstrate a vulnerability in the empirecoin-web source code

In order to receive the bounty, you must describe your exploit so that it can be fixed.

EmpireCoin uses the bitcoin-sci library to generate Bitcoin escrow addresses. Details on escrowed funds are available on pages like this:
http://empirecoin.org/mock-election-2016/?action=show_escrow

The EmpireCoin source code is available here:
http://github.com/TeamEmpireCoin/empirecoin-web

Topic: EmpireCoin: Bug bounty program - page 2. (Read 1532 times)