Bitcoin Forum>Economy>Marketplace>Service Announcements>Micro Earnings
Pages:
Author

Topic: [FREE] Simple Faucet Script - Open your own faucet - page 11. (Read 34257 times)

Kazuldur
legendary
Activity: 971
Merit: 1000
Re: [FREE] Simple Faucet Script - Open your own faucet
December 19, 2016, 02:43:16 PM
#122
Quote from: Salmen on December 19, 2016, 02:35:36 PM
To the point two, I'll find all possible leaks and fix it.

I'm not saying there are any leaks Smiley. Just that the way you've wrote it makes it very, very easy to create a leak.

Quote from: Salmen on December 19, 2016, 02:35:36 PM
To the point four, it is true that it has a limit and it was mentioned earlier. I couldn't find another API that suits it.

So if you know it's not really useful, why did you add it and advertise it as "Bot shield"?

Btw there's always http://nastyhosts.com/ Smiley (disclaimer: I'm still working for a company that runs nastyhosts)
Salmen
legendary
Activity: 1059
Merit: 1020
Re: [FREE] Simple Faucet Script - Open your own faucet
December 19, 2016, 02:35:36 PM
#121
Quote from: Kazuldur on December 19, 2016, 02:25:08 PM
I don't recommend this script:

1. there's a critical vulnerability that can be used to bypass timer (reported in PM)
2. the way it's written is just asking for a SQL Injection vulnerability. Instead of using prepared statements or an ORM, variables are escaped in random places. I've already found an instance of variable that's escaped twice, it's not hard to imagine there is (or will be introduced in an update) a variable that's not escaped at all.
3. superglobal variables are overwritten
4. getipintel have a limit of 500 queries and will be too expensive to be used by faucets, so this bot shield is useless

Thank you for the feedback.
  • To the point one, I replied a message and an alternative script will be addded into it.
  • To the point two, I'll find all possible leaks and fix it.
  • o the point three, I'll look if I did anything wrong or the template script itself.
  • To the point four, it is true that it has a limit and it was mentioned earlier. I couldn't find another API that suits it.
Kazuldur
legendary
Activity: 971
Merit: 1000
Re: [FREE] Simple Faucet Script - Open your own faucet
December 19, 2016, 02:25:08 PM
#120
I don't recommend this script:

1. there's a critical vulnerability that can be used to bypass timer (reported in PM)
2. the way it's written is just asking for a SQL Injection vulnerability. Instead of using prepared statements or an ORM, variables are escaped in random places. I've already found an instance of variable that's escaped twice, it's not hard to imagine there is (or will be introduced in an update) a variable that's not escaped at all.
3. superglobal variables are overwritten
4. getipintel have a limit of 500 queries and will be too expensive to be used by faucets, so this bot shield is useless
Salmen
legendary
Activity: 1059
Merit: 1020
Re: [FREE] Simple Faucet Script - Open your own faucet
December 19, 2016, 11:49:56 AM
#119
Quote from: rafael7418 on December 17, 2016, 03:29:33 PM
Did you overload the script ??
I changed the API to FaucetHub and fixed minor issue.

Quote from: classic on December 18, 2016, 09:30:54 AM
Hi I added the btc price estimator on the admin page. I add it on the page name then suddendly that