
Topic: Launching the Beta of EBitcoinBetting.com! - A Bitcoin Sportsbook (Read 2816 times)

legendary
Activity: 966
Merit: 1000
No clue if I won or not; no results show.
sr. member
Activity: 518
Merit: 250
Did any of you guys end up having luck with your bets?

bump

Nothing graded as of yet, I don't tend to think this guy is a scammer as it appears he has worked hard on site, but I don't think he is ready for what it's going to take yet to operate against the other books.

Yeah- there wouldn't be much point in scamming free money either. A scammer would be on top of the beta test to get people excited then get shady after people started depositing.
sr. member
Activity: 518
Merit: 250
Did any of you guys end up having luck with your bets?

bump
sr. member
Activity: 518
Merit: 250
Did any of you guys end up having luck with your bets?
legendary
Activity: 966
Merit: 1000
So does that mean I won or lost? I did a random bet.
sr. member
Activity: 518
Merit: 250
i bet
29 Aug 2013 12:05:40   Straight   .1 BTC   0.115 BTC   2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A



Yeah, there definitely should be a result. Game ended 6-7. Detroit won.
legendary
Activity: 966
Merit: 1000
i bet
29 Aug 2013 12:05:40   Straight   .1 BTC   0.115 BTC   2013-08-29 17:05
Oakland Athletics @ Detroit Tigers
LINE: -1.5 115
Result: N/A

sr. member
Activity: 518
Merit: 250
I've got my bets placed on a few games tonight. Will see how it goes and report back. :)
I placed a bet on a game yesterday; still no credit whether I won or lost.

What did you bet on? Perhaps you made the same mistake as me. I thought I was betting on games tonight but turned out to be games tomorrow. haha. I was mistaken because the time on the site doesn't match my local time. :P
legendary
Activity: 966
Merit: 1000
I've got my bets placed on a few games tonight. Will see how it goes and report back. :)
I placed a bet on a game yesterday; still no credit whether I won or lost.
sr. member
Activity: 518
Merit: 250
I've got my bets placed on a few games tonight. Will see how it goes and report back. :)
legendary
Activity: 966
Merit: 1000
Sounds like you are over your head and not around enough.

I'm around. Trying to fix the issues. One more week until NFL season starts and things should be running smoothly. Did not anticipate the amount of hiccups. Things will get rolling smoothly coming opening day of the NFL season.
My bet is still not finished, yet the game finished yesterday.
newbie
Activity: 14
Merit: 0
Sounds like you are over your head and not around enough.

I'm around. Trying to fix the issues. One more week until NFL season starts and things should be running smoothly. Did not anticipate the amount of hiccups. Things will get rolling smoothly coming opening day of the NFL season.
hero member
Activity: 602
Merit: 500
Acc bought - used solely for signature testing
Sounds like you are over your head and not around enough.
legendary
Activity: 966
Merit: 1000
Guys, email him; he will reply within 24hrs.
hero member
Activity: 602
Merit: 500
Acc bought - used solely for signature testing
My account is kingofsports for the .1 BTC to be added. Thanks and look forward to trying the site out.
full member
Activity: 140
Merit: 100
Hi, I deposited and I am unable to withdraw. Also never received .1

I messaged you.
Icecube, same I account as here
I PM'd you also.
Still unable and never received the .1 :(
full member
Activity: 140
Merit: 100
Hi, I deposited and I am unable to withdraw. Also never received .1

I messaged you.
Icecube, same I account as here
I PM'd you also.
newbie
Activity: 14
Merit: 0
Review

A well-designed site, but there are many issues.

First the big stuff

CSRF vulnerability

There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.

Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.

As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmation screens are generally poor at solving CSRF attacks, however, and care should be taken.

(On a related note, withdrawal does not currently work. The error given is:)

Quote
Catchable fatal error: Object of class mysqli_stmt could not be converted to string in /home3/dokula/public_html/ebit/account.php on line 186


Some thoughts

Combined login/register

The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.

Logo discrepancy

The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.

Cosmetic balance display issue

On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See: https://i.imgur.com/3bB0NsB.png and https://i.imgur.com/YX8jDN0.png.

Username issue?

On the deposit page, my username is displaying thus:
Quote
Hey, l3jNF!

The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.

Bet sizes

The minimum bets for all the ones I can see is 0.21BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1BTC to work with...

All of these have been fixed as well. Amazing write up! Thank you!
newbie
Activity: 14
Merit: 0
Thanks,

Was able to reset my password, via the email verification link.

Site is a little hard to navigate around and I had to look for Football then click NCAA to make some bets.  Also not a very good checkout area, errors and errors trying to get a parlay to work, 

Minimum Bet: .21 BTC
Maximum Bet: .24 BTC
Incorrect table name ''349


What I did like: it had the old parlay feel. I remember 25 years ago being 10, picking my 11 teams on my Dad's slip he was going to play for me for $1, but when I got to be 20 I realized it was a ruse and no 10 year old could pick an 11 teamer with odds. But I remember doing that though.

I tried and was unable to make my bets on a 4 team parlay

I want to play the full 0.10 BTC on
South Carolina ML -530
SMU H:5 -106
LSU ML -180
FSU ML -371

I will try again tonight and hopefully be back before kickoff tonight, or if you can get it put in that would be greatly appreciated.




All of these issues have been fixed. Let me know if you cannot place the bet, then I will do it myself.
legendary
Activity: 1246
Merit: 1077
Review

A well-designed site, but there are many issues.

First the big stuff

CSRF vulnerability

There is a major CSRF[1] vulnerability in various parts of your website. A malicious attacker can exploit this vulnerability to steal funds from bettors. Please PM me if you need any more information on this issue.

Most visible is the withdrawal script. An attacker can update the withdrawal destination and withdraw arbitrary amounts from user balance. A malicious webpage contains two inline frames, one of which updates the withdrawal address through a POST to http://ebitcoinbetting.com/account.php?id=2&a=1, and the other which withdraws money through another POST to http://ebitcoinbetting.com/account.php?id=2&a=2.

As far as I can tell, this isn't a problem with the password change form because the old password is required. This is also not likely a problem with betting, as there is a confirmation screen for that. Confirmation screens are generally poor at solving CSRF attacks, however, and care should be taken.

(On a related note, withdrawal does not currently work. The error given is:)

Quote
Catchable fatal error: Object of class mysqli_stmt could not be converted to string in /home3/dokula/public_html/ebit/account.php on line 186


Some thoughts

Combined login/register

The combined login/register form is a bad idea. When I went to log in, I had to scroll down to see the “Login” button and initially thought I should fill my information in the upper form, which was instead for “Register”ing.

Logo discrepancy

The logo, which says “EBitCoingBetting”, is confusing. The site's name is given elsewhere as “EBitcoinBetting”, without the “g” that follows the “Bitcoin”. Regardless of whether this is an error or an intentional discrepancy, it is a source of confusion. Brand should be unified, even if the difference is only a “g”.

Cosmetic balance display issue

On two separate occasions, the “Balance in use” shows nothing when no balance is being used. See: https://i.imgur.com/3bB0NsB.png and https://i.imgur.com/YX8jDN0.png.

Username issue?

On the deposit page, my username is displaying thus:
Quote
Hey, l3jNF!

The username I signed up with is not l3jNF. I'm not sure what this is. Perhaps this is intentional, but clarification would be helpful if that is the case.

Bet sizes

The minimum bets for all the ones I can see is 0.21BTC. Not sure if this is intentional, again, but it certainly makes testing the bet system hard, since we only have 0.1BTC to work with...
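
One way to close the CSRF hole described in the review above, shown as an added example (not the site's code and not part of the original post): a per-session synchronizer token that every state-changing request must carry. The `csrf_token` field name, the two action labels and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
declare(strict_types=1);

// Issue one random token per session; embed it in every form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only if the request carries the token bound to this session.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given); // constant-time comparison
}

// Gate for state-changing requests. The labels are hypothetical names for
// the two account.php actions mentioned in the review.
function handle_account_action(string $method, string $action, array $session, array $post): array
{
    $stateChanging = ['set_withdraw_address', 'withdraw'];
    if (!in_array($action, $stateChanging, true)) {
        return [200, 'read-only action'];
    }
    if ($method !== 'POST') {
        return [405, 'state changes require POST'];
    }
    if (!csrf_valid($session, $post)) {
        return [403, 'missing or invalid CSRF token'];
    }
    return [200, "$action accepted"];
}

// Constructed demo: a cross-site POST rides on the victim's session cookie
// but cannot read the token from the page, so it arrives without one.
$session = [];
$token   = csrf_token($session);
$forged  = handle_account_action('POST', 'withdraw', $session, ['amount' => '0.1']);
$genuine = handle_account_action('POST', 'withdraw', $session,
    ['amount' => '0.1', 'csrf_token' => $token]);
printf("forged:  %d %s\n", ...$forged);
printf("genuine: %d %s\n", ...$genuine);
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, and requiring the current password for withdrawals would give them the same protection the review credits to the password change form.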