let me try it with your free BTC..
username : nekochan05
username : nekochan05
tipped
Topic: MagicalDice - Need beta testing [Bounty for bugs] - page 3. (Read 2971 times)
tipped
let me try it with your free BTC..
username : nekochan05
username : nekochan05
Hi Stars !! There are lots of security Vulnerability in your site a Rouge Coder can ******** Your site as they did with Luckybit earlier.
Just Found Two Run Time Errors taht can be fatal from Point of view of your business.
#Bug 0:(noobs Bug)
Bet can be placed even the bet amount is zero
#Bug 1:
I would like you to take you back to few months back may be much more , i guess all guys reading this may remember that once the blockchain.info "latest Transaction" were filled with transactions of Luckybit Blue or red or green...
They were all because before luckybit coders used Instance variable rather than class variables to make a Bet and stored them in Tables(DB) as a instance variables , Instance variables are easy to inject and can be spoof the database for ,say 1-2 seconds to even 3-4 hours until the database refresh(If another guy make a bet after me in "t" time then the database will refresh in "t" time) , assume if it is night and no one is playing on your site means the database is not refreshing and someone rouge comes to your site and played that trick then he has a lot of time to withdraw as no one is playing n your site and the withdraw(if auto) then you can loose a big amount , i remember that some one withdrew 65 btc from Luckybit with this method and im sure he might be reading this.
Just Found Two Run Time Errors taht can be fatal from Point of view of your business.
#Bug 0:(noobs Bug)
Bet can be placed even the bet amount is zero
#Bug 1:
I would like you to take you back to few months back may be much more , i guess all guys reading this may remember that once the blockchain.info "latest Transaction" were filled with transactions of Luckybit Blue or red or green...
They were all because before luckybit coders used Instance variable rather than class variables to make a Bet and stored them in Tables(DB) as a instance variables , Instance variables are easy to inject and can be spoof the database for ,say 1-2 seconds to even 3-4 hours until the database refresh(If another guy make a bet after me in "t" time then the database will refresh in "t" time) , assume if it is night and no one is playing on your site means the database is not refreshing and someone rouge comes to your site and played that trick then he has a lot of time to withdraw as no one is playing n your site and the withdraw(if auto) then you can loose a big amount , i remember that some one withdrew 65 btc from Luckybit with this method and im sure he might be reading this.
Just to clarify: LuckyBit has never been exploited or attacked in this way. It's even impossible as you cannot "withdraw" from LuckyBit - this is also why user funds cannot be endangered on LuckyBit: we simply do not hold any bitcoins of our users (the advantages of onchain gambling). You must be confusing sites.
i would like to try find bugs thanks. Username: Pimpsta
tipping everyone who talks in the chat for more testing=)
i would like to try find bugs thanks. Username: Pimpsta
guys... i think i saw a bug with the fancy rolling.. i keep on playing on fancy rolling but it does not appear on "MY BETS" i tried it a lot of ties.. but really not apper. hope you can fixed this also.. goodluck.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
When you re-fresh the page does it show up then?
oh yeah i saw it now. but i refresh it. 3 times to see it...
guys... i think i saw a bug with the fancy rolling.. i keep on playing on fancy rolling but it does not appear on "MY BETS" i tried it a lot of ties.. but really not apper. hope you can fixed this also.. goodluck.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
When you re-fresh the page does it show up then?
That problem first i reported in chat why we have to refresh the page to see bet result into my tabs so it need to get fixed to continue uninterpreted betting on the way, i think when we have to stop and refersh the page to see this that break the rhythm of betting.
guys... i think i saw a bug with the fancy rolling.. i keep on playing on fancy rolling but it does not appear on "MY BETS" i tried it a lot of ties.. but really not apper. hope you can fixed this also.. goodluck.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
When you re-fresh the page does it show up then?
guys... i think i saw a bug with the fancy rolling.. i keep on playing on fancy rolling but it does not appear on "MY BETS" i tried it a lot of ties.. but really not apper. hope you can fixed this also.. goodluck.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
and i cant see it also in ALL BETS AND HIGH ROLLERS... I TRY BET 1 BTC. I CHECK all but not appear..but my balance is moving. up and down when betting.
Username limit should be increased else usernams like this will mess the board
register there and such a good moderation and site graphics Nice:P
but need to some update on site like when we get tips no notification come on the bottom of the site page.should need to fix a bar for tip notification when we get tip.this will be looking more comfortable when anyone get a tip and there are one problem is on chat.there are no limit for message.myself message such a big sentence.so should prevent unlimited message space should prevent from spamming.we should easily write a composition on the chat this will made a more spam on there.hope u understand. ty admin.
username on MD: showrov1993
thnx
regards .
but need to some update on site like when we get tips no notification come on the bottom of the site page.should need to fix a bar for tip notification when we get tip.this will be looking more comfortable when anyone get a tip and there are one problem is on chat.there are no limit for message.myself message such a big sentence.so should prevent unlimited message space should prevent from spamming.we should easily write a composition on the chat this will made a more spam on there.hope u understand. ty admin.
username on MD: showrov1993
thnx
regards .
Test
I came to know about bug bounty after having registered under username '' boopy'' I am trying to test and finf the bug.Everyone best of luck to help the OP by finding bugs and win.
I appreciate everybody that has found bugs/actively looking for bugs. You will be paid a bounty once our dev has fixed the bug(s). Thanks
I have just created my account there but there no faucet so how to get free coins to test this brand dice site,
Edit : faucet button right down in the balance.
Username : trafficolaa
Edit : faucet button right down in the balance.
Username : trafficolaa
Just registered there
My username: orryde
Thank you
My username: orryde
Thank you
Mostly non-security related, but still important:
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
I guess all that site including all JS to load simultaneously at the background while the user only see a splash-screen as the dev of Primedice have done.
hi.. admin, settings in chat like this..
Show my big wins in chat
Show my big losses in chat
i disable it but still showing in my chat box. pls check it. thanks.
Show my big wins in chat
Show my big losses in chat
i disable it but still showing in my chat box. pls check it. thanks.
Mostly non-security related, but still important:
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
I guess all that site including all JS to load simultaneously at the background while the user only see a splash-screen as the dev of Primedice have done.
Mostly non-security related, but still important:
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
- New account, "Login link" doesn't work. If this is already fixed, make sure to hide and disable the "Login link" for people who have a password. Ideally you have a 2FA option too.
- The popups/iframes like user/bet info, provably fair, tip history, etc. also load all the JS. This means they are also loading all the AJAX requests for bets/stats every second etc. (while these frames don't need that data.) You should save both you and the user some resources/bandwidth by not making these useless requests
- You should force SSL.
Jump to: