Pages:
Author

Topic: EmpireCoin: Bug bounty program - page 2. (Read 1543 times)

full member
Activity: 159
Merit: 100
August 11, 2016, 09:14:33 AM
#12
Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.

I've been writing web applications for a long time and certainly understand the risk of SQL injections aka the simplest exploit out there.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE).  I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.


15YnqdubKqeq3v7RVaV38Qk7FrvLpvZ5vG

Sended a PM also.
hero member
Activity: 658
Merit: 500
August 11, 2016, 05:07:10 AM
#11
Would it not be a lot cheaper and maybe more safe if you try to hire a professional service for this?

I could be wrong but i think it's really the best and even quicker option since they also offer to fix the issues!

Because what if someone really find a big hole and he will keep it and not tell you, and then use it once there is a lot cash to steal?
legendary
Activity: 1988
Merit: 1317
Get your game girl
August 11, 2016, 04:51:20 AM
#10
Well good to know then. There's still an injection in the link I found. My offer still stands if you want to know the link. You also might want to salt or increase the security of the passwords you store, unsalted SHA-256 sent over an unencrypted request is not very secure.
How about I fix that error for you @OP ? I can give you a solution  to reject all the external access with the most "easiest" query out there ,like the one mentioned by KInzee.My pen testing tools are on the work!I should report you if I come across any more vulnerabilities!

EDIT : Does ddos attacks counts ?
sr. member
Activity: 938
Merit: 452
Check your coin privilege
August 11, 2016, 03:49:04 AM
#9

I've been writing web applications for a long time and certainly understand the risk of SQL injections aka the simplest exploit out there.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE).  I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.

Well good to know then. There's still an injection in the link I found. My offer still stands if you want to know the link. You also might want to salt or increase the security of the passwords you store, unsalted SHA-256 sent over an unencrypted request is not very secure.
member
Activity: 124
Merit: 16
August 11, 2016, 03:22:28 AM
#8
Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.

I've been writing web applications for a long time and certainly understand SQL injections.

However, it does appear that I neglected to correctly escape user-entered BTC addresses in this one case (ie the attack vector pointed out by BilalHIMITE).  I have just fixed the issue: https://github.com/TeamEmpireCoin/empirecoin-web/commit/8cdd84c68e5cba5f6ad84489d917943bfc81a07c

BilalHIMITE, please post or PM me your bitcoin address to receive the 0.1 BTC bounty.
full member
Activity: 159
Merit: 100
August 10, 2016, 04:13:52 PM
#7
Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.

Yes, he doesn't understand that.

I can send commands to the SQL, but I can't get data back.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
August 10, 2016, 04:01:36 PM
#6
Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.

Looks like another hole different from mine. But yes, all you need is time on your hand to drop all the info from his database down to the last password. If I had more time I'd definitely go through the injection and keep sending SQL requests till I find something that'll genuinely scare him, but I figured only finding the link would be enough for him. I don't think he understands the danger of an SQL injection.
full member
Activity: 159
Merit: 100
August 10, 2016, 03:55:26 PM
#5
Detected SQL Injection Vulnerability : http://imgur.com/a/jBcfS
Trying to get further in.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
August 10, 2016, 03:36:52 PM
#4
Hi KingZee,

I had a problem where my VPS disk was full around the time you posted this, so I suspect that's what could have caused this error message.  If it really is a SQL injection and you can demo how to replicate, I can send you 0.2 BTC.

The error wasn't fixed, it's still up, it has nothing to do with your server's disk, it's in the webapp.

This error compromises your whole database, I'm not obliged to give you the injection link, you can spend time and funds to find it yourself, or send me 1 BTC.
member
Activity: 124
Merit: 16
August 10, 2016, 03:08:42 PM
#3
Hi KingZee,

I had a problem where my VPS disk was full around the time you posted this, so I suspect that's what could have caused this error message.  If it really is a SQL injection and you can demo how to replicate, I can send you 0.2 BTC.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
August 10, 2016, 02:24:32 PM
#2
Asking for 1BTC for this potential SQL injection input :

Send the btc to 1KingZeeW97uLvngcUA3R6QJx18Fn78ddb, or let's use an escrow (My preference : Blazed) so I can send you the link, and the injection syntax and entry point.
member
Activity: 124
Merit: 16
August 10, 2016, 04:36:30 AM
#1


EmpireCoin: Bug Bounty Program

EmpireCoin is an open source gaming & blockchain prediction market platform.  For more information about this project, check the following threads:
EmpireCoin pre-announcement
Mock Election 2016
Free game: Red vs Blue

To guarantee the security of this platform, we are offering the following bug bounties:

0.5 BTC - Remove bitcoins from an EmpireCoin.org escrow account.
0.1 - 1 BTC - Demonstrate a vulnerability in the empirecoin-web source code

In order to receive the bounty, you must describe your exploit so that it can be fixed.

EmpireCoin uses the bitcoin-sci library to generate Bitcoin escrow addresses.  Details on escrowed funds are available on pages like this:
http://empirecoin.org/mock-election-2016/?action=show_escrow

The EmpireCoin source code is available here:
http://github.com/TeamEmpireCoin/empirecoin-web
Pages:
Jump to: