NEW SERVICE- FaucetBuilder - All features you need to build, no fees/cost! - page 2.

szgal

newbie

Activity: 26

Merit: 0

Quote from: FaucetBuilder on June 30, 2015, 02:31:34 PM

Quote from: szgal on June 29, 2015, 09:37:37 PM

I double-checked, and in my opinion this backdoor is fully intentional.
...strip...

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit (https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case.

By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: szgal on June 29, 2015, 09:37:37 PM

I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to relogin everytime.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: Emerge on June 30, 2015, 07:02:19 AM

If a dev can check again if there's a no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.

I can confirm the script has been fixed. As I mentioned in the first post this has been done as a hobby to help guys who want to create faucets for free.
It is true that the remember cookie created a vulnerability but this was stupid mistake by me. I did it initially so that the admin did not have to keep logging in. But this has been brought up and fixed.

I have tried to be as open as possible and fix issues like this ASAP. Anyone with dev background can check the fix and see that the vulnerability have been removed.

I hope you enjoy the script and thanks for trying it out!

Emerge

legendary

Activity: 854

Merit: 1000

If a dev can check again if there's a no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.

FaucetBuilder

newbie

Activity: 40

Merit: 0

OP here. The script has been fixed

All faucets that have been created via the script have been notified of the fix via email. Please PM me if you are still having questions.

szgal

newbie

Activity: 26

Merit: 0

I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: bit1 on June 29, 2015, 08:54:00 PM

Quote from: szgal on June 29, 2015, 08:39:43 PM

DO NOT USE THIS SCRIPT!!!
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:

Code:

if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone.

So do not use this script!

Thanks for advice ..... Hmmm I'm wondering now: How many faucets does have it?

I have very few faucets using.. less than 20. I will make the changes ASAP to restore this.
Thank for bringing this up

bit1

legendary

Activity: 938

Merit: 1000

Quote from: szgal on June 29, 2015, 08:39:43 PM

DO NOT USE THIS SCRIPT!!!
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:

Code:

if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone.

So do not use this script!

Thanks for advice ..... Hmmm I'm wondering now: How many faucets does have it?

szgal

newbie

Activity: 26

Merit: 0

~~DO NOT USE THIS SCRIPT!!!~~
EDIT: The OP has fixed the issue below and sent an e-mail to faucet owners. There are still some logic problems in that code but so far every "exploit" requires admin login. I will take a look at the fixed version.
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:

Code:

if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone .

So do not use this script!

FaucetBuilder

newbie

Activity: 40

Merit: 0

Do any of you guys know websites in Russia that are active in promoting bitcoin services?
I see many Russians on my site. Would love to focus there to see if I can get some traction.

Or do you have any suggestions on how to get more traction? Im thinking maybe spending some ad $ on btc ad services.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: noel57 on June 24, 2015, 04:29:44 PM

Quote from: FaucetBuilder on June 24, 2015, 04:21:39 PM

Quote from: meadefreling on June 24, 2015, 12:56:48 PM

It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before i think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.

$0 price would be nice, I can install this on my .work domain name but I will prefer the ad free script.

sorry im not sure i follow. you can get the script straight from the website from free and create your faucet with the instructions.
can you clarify what you need?

faucetbuilder.com

noel57

sr. member

Activity: 392

Merit: 250

Quote from: FaucetBuilder on June 24, 2015, 04:21:39 PM

Quote from: meadefreling on June 24, 2015, 12:56:48 PM

It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before i think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.

$0 price would be nice, I can install this on my .work domain name but I will prefer the ad free script.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: meadefreling on June 24, 2015, 12:56:48 PM

It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before i think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.

meadefreling

full member

Activity: 210

Merit: 100

★YoBit.Net★ 350+ Coins Exchange & Dice

It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

dezoel

legendary

Activity: 2044

Merit: 1075

Leading Crypto Sports Betting & Casino Platform

interesting, I'll try your script

just keep your great works... Cheesy

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: melisande on June 23, 2015, 05:14:19 PM

Quote from: FaucetBuilder on June 23, 2015, 05:00:18 PM

Quote from: alwinlinzee on June 23, 2015, 04:13:24 PM

It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet Cry

I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!

Nice to offer free script, there should be a demo of how the site will look like, this will motivate people to show interest and also offer free installations and request for compulsory donations.

Thanks and this is good suggestion. I hope to add a few different template examples. I'm talking with a guy who has a few different faucets that he customizes from scratch. I will add some updates once it's live!

Thanks for trying it btw

examplens

legendary

Activity: 3444

Merit: 3469

Crypto Swap Exchange

Here is a demo http://freebtc.work i'm added advert.
Nice script, easy for install.
OP can i ask you some question on PM? Need little help

melisande

sr. member

Activity: 434

Merit: 250

Quote from: FaucetBuilder on June 23, 2015, 05:00:18 PM

Quote from: alwinlinzee on June 23, 2015, 04:13:24 PM

It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet Cry

I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!

Nice to offer free script, there should be a demo of how the site will look like, this will motivate people to show interest and also offer free installations and request for compulsory donations.

FaucetBuilder

newbie

Activity: 40

Merit: 0

Quote from: alwinlinzee on June 23, 2015, 04:13:24 PM

It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet Cry

I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!

alwinlinzee

sr. member

Activity: 434

Merit: 250

It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

Topic: NEW SERVICE- FaucetBuilder - All features you need to build, no fees/cost! - page 2. (Read 1599 times)