Topic: Launching the Beta of EBitcoinBetting.com! - A Bitcoin Sportsbook (Read 2816 times)
September 01, 2013, 01:49:27 PM
no clue if i won or not no results show
September 01, 2013, 10:54:53 AM
Did any of you guys end up having luck with your bets?
bump
Nothing graded as of yet, I don't tend to think this guy is a scammer as it appears he has worked hard on site, but I don't think he is ready for what it's going to take yet to operate against the other books.
Yeah- there wouldn't be much point in scamming free money either. A scammer would be on top of the beta test to get people excited then get shady after people started depositing.
September 01, 2013, 10:03:34 AM
Did any of you guys end up having luck with your bets?
bump
September 01, 2013, 04:24:02 AM
Did any of you guys end up having luck with your bets?
August 30, 2013, 09:47:30 PM
so does that mean i won or loss i did a random bet
August 30, 2013, 09:45:43 PM
i bet
29 Aug 2013 12:05:40 Straight .1 BTC 0.115 BTC 2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A
29 Aug 2013 12:05:40 Straight .1 BTC 0.115 BTC 2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A
Yeah, there definitely should be a result- game ended 6-7 .Detroit won.
August 30, 2013, 09:41:22 PM
i bet
29 Aug 2013 12:05:40 Straight .1 BTC 0.115 BTC 2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A
29 Aug 2013 12:05:40 Straight .1 BTC 0.115 BTC 2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A
August 30, 2013, 09:39:30 PM
I've got my bets placed on a few games tonight. Will see how it goes and report back. 
i place a bet on a game yesterday still no credit whether i won or lost What did you bet on? Perhaps you made the same mistake as me. I thought I was betting on games tonight but turned out to be games tomorrow. haha. I was mistaken because the time on the site doesn't match my local time.
August 30, 2013, 07:54:10 PM
I've got my bets placed on a few games tonight. Will see how it goes and report back.
i place a bet on a game yesterday still no credit whether i won or lost August 30, 2013, 07:47:42 PM
I've got my bets placed on a few games tonight. Will see how it goes and report back.
August 30, 2013, 07:20:56 PM
Sounds like you are over your head and not around enough.
I'm around. Trying to fix the issues. One more week until NFL season starts and things should be running smoothly. Did not anticipate the amount of hiccups. Things will get rolling smoothly coming opening day of the NFL season.
August 30, 2013, 07:12:44 PM
Sounds like you are over your head and not around enough.
I'm around. Trying to fix the issues. One more week until NFL season starts and things should be running smoothly. Did not anticipate the amount of hiccups. Things will get rolling smoothly coming opening day of the NFL season.
August 30, 2013, 09:19:10 AM
Sounds like you are over your head and not around enough.
August 29, 2013, 10:37:02 PM
Guys email him he will reply within 24hrs
August 29, 2013, 09:15:39 PM
My account is kingofsports for the .1 BTC to be added. Thanks and look forward to trying the site out.
August 29, 2013, 08:54:04 PM
Hi, I deposited and I am unable to withdraw. Also never received .1
I messaged you.
I PM'd you also.
August 29, 2013, 12:44:06 PM
Hi, I deposited and I am unable to withdraw. Also never received .1
I messaged you.
I PM'd you also.
August 29, 2013, 11:33:48 AM
Review
A well-designed site, but there are many issues.
First the big stuff
CSRF vulnerability
There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.
Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.
As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmations screens are generally poor at solving CSRF attacks, however, and care should be taken.
(On a related note, withdrawal does not currently work. The error given is:)
Some thoughts
Combined login/register
The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.
Logo discrepancy
The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.
Cosmetic balance display issue
On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See: https://i.imgur.com/3bB0NsB.png and https://i.imgur.com/YX8jDN0.png.
Username issue?
On the deposit page, my username is displaying thus:
The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.
Bet sizes
The minimum bets for all the ones I can see is 0.21 BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1 BTC to work with...
A well-designed site, but there are many issues.
First the big stuff
CSRF vulnerability
There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.
Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.
As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmations screens are generally poor at solving CSRF attacks, however, and care should be taken.
(On a related note, withdrawal does not currently work. The error given is:)
Quote
Catchable fatal error: Object of class mysqli_stmt could not be converted to string in /home3/dokula/public_html/ebit/account.php on line 186
Some thoughts
Combined login/register
The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.
Logo discrepancy
The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.
Cosmetic balance display issue
On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See: https://i.imgur.com/3bB0NsB.png and https://i.imgur.com/YX8jDN0.png.
Username issue?
On the deposit page, my username is displaying thus:
Quote
Hey, l3jNF!
The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.
Bet sizes
The minimum bets for all the ones I can see is 0.21 BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1 BTC to work with...
All of these have been fixed as well. Amazing write up! Thank you!
August 29, 2013, 11:22:32 AM
Thanks,
Was able to reset my password, via the email verification link.
Site is a little hard to navigate around and I had to look for Football then click NCAA to make some bets. Also not a very good checkout area, errors and errors trying to get a parlay to work,
Minimum Bet: .21 BTC
Maximum Bet: .24 BTC
Incorrect table name ''349
What I did like it had the old parlay feel, I remember 25 years ago being 10 picking my 11 teams on my Dad's slip he was going to play for me for $1, but when i got to be 20 I realized it was a rouse and no 10 year old could pick a 11 teamer with odds. But I remember doing that though.
I tried and was unable to make my bets on a 4 team parlay
I want play the full 0.10 BTC on
South Carolina ML -530
SMU H:5 -106
LSU ML -180
FSU ML -371
I will try again tonight and hopefully be back before kickoff tonight, or if you can get in put in that would greatly be appreciated.
Was able to reset my password, via the email verification link.
Site is a little hard to navigate around and I had to look for Football then click NCAA to make some bets. Also not a very good checkout area, errors and errors trying to get a parlay to work,
Minimum Bet: .21 BTC
Maximum Bet: .24 BTC
Incorrect table name ''349
What I did like it had the old parlay feel, I remember 25 years ago being 10 picking my 11 teams on my Dad's slip he was going to play for me for $1, but when i got to be 20 I realized it was a rouse and no 10 year old could pick a 11 teamer with odds. But I remember doing that though.
I tried and was unable to make my bets on a 4 team parlay
I want play the full 0.10 BTC on
South Carolina ML -530
SMU H:5 -106
LSU ML -180
FSU ML -371
I will try again tonight and hopefully be back before kickoff tonight, or if you can get in put in that would greatly be appreciated.
All of these issues have been fixed. Let me know if you cannot place the bet, then I will do it myself.
August 29, 2013, 07:35:07 AM
Review
A well-designed site, but there are many issues.
First the big stuff
CSRF vulnerability
There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.
Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.
As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmations screens are generally poor at solving CSRF attacks, however, and care should be taken.
(On a related note, withdrawal does not currently work. The error given is:)
Some thoughts
Combined login/register
The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.
Logo discrepancy
The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.
Cosmetic balance display issue
On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See:
and 
.
Username issue?
On the deposit page, my username is displaying thus:
The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.
Bet sizes
The minimum bets for all the ones I can see is 0.21 BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1 BTC to work with...
A well-designed site, but there are many issues.
First the big stuff
CSRF vulnerability
There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.
Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.
As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmations screens are generally poor at solving CSRF attacks, however, and care should be taken.
(On a related note, withdrawal does not currently work. The error given is:)
Quote
Catchable fatal error: Object of class mysqli_stmt could not be converted to string in /home3/dokula/public_html/ebit/account.php on line 186
Some thoughts
Combined login/register
The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.
Logo discrepancy
The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.
Cosmetic balance display issue
On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See:
and .Username issue?
On the deposit page, my username is displaying thus:
Quote
Hey, l3jNF!
The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.
Bet sizes
The minimum bets for all the ones I can see is 0.21 BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1 BTC to work with...
Jump to: