
Topic: NEW SERVICE- FaucetBuilder - All features you need to build, no fees/cost! - page 2. (Read 1599 times)

newbie
Activity: 26
Merit: 0
I double-checked, and in my opinion this backdoor is fully intentional.
...strip...

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to re-login every time.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.

I can confirm that the "remember" cookie bug is fixed. Thank you for acting so fast. I thought it's intentional because in the initial commit (https://github.com/destinybogan/Faucet-Builder/commit/49e11c91812d020b677fe791faffb06e27da706c), there's no setcookie("remember"). This means you either wanted to write some code that sets the cookie but then forgot about it, or you backdoored the script and put a "remember me" checkbox to make it less suspicious. Sorry for accusing you if the former is the case.

By the way, this script still has a security vulnerability which allows full write access to the database for everyone who can log in as admin.
newbie
Activity: 40
Merit: 0
I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.

The intention was not to take advantage of a backdoor. Instead it was a silly mistake meant to give the option for the admin to not have to re-login every time.
It has already been fixed and can be checked by faucet owner on the script.

As I mentioned in the first post this has been done as a hobby and service is meant to be free. You can now check that it has been fixed.
Thank you for bringing this up. My intention is to make honest business and help new faucet creators.
newbie
Activity: 40
Merit: 0
If a dev can check again if there's no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.

I can confirm the script has been fixed. As I mentioned in the first post this has been done as a hobby to help guys who want to create faucets for free.
It is true that the remember cookie created a vulnerability but this was a stupid mistake by me. I did it initially so that the admin did not have to keep logging in. But this has been brought up and fixed.

I have tried to be as open as possible and fix issues like this ASAP. Anyone with dev background can check the fix and see that the vulnerability has been removed.

I hope you enjoy the script and thanks for trying it out!
legendary
Activity: 854
Merit: 1000
If a dev can check again if there's no more backdoor that would be great.
I like how it has a Filipino language pack though. Good luck!

Hope you don't scam anybody with this service.
newbie
Activity: 40
Merit: 0
OP here. The script has been fixed.

All faucets that have been created via the script have been notified of the fix via email. Please PM me if you are still having questions.
newbie
Activity: 26
Merit: 0
I double-checked, and in my opinion this backdoor is fully intentional.
He checks if the cookie called "remember" exists, but that cookie is not set anywhere.
This means that the script expects that a human will set that cookie manually, because manually setting it is the only way it can exist.
newbie
Activity: 40
Merit: 0
DO NOT USE THIS SCRIPT!!!
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:
Code:
if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone.

So do not use this script!



Thanks for advice..... Hmmm, I'm wondering now: How many faucets have it?

I have very few faucets using.. less than 20. I will make the changes ASAP to restore this.
Thanks for bringing this up.
legendary
Activity: 938
Merit: 1000
DO NOT USE THIS SCRIPT!!!
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:
Code:
if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone.

So do not use this script!



Thanks for advice..... Hmmm, I'm wondering now: How many faucets have it?
newbie
Activity: 26
Merit: 0
DO NOT USE THIS SCRIPT!!!
EDIT: The OP has fixed the issue below and sent an e-mail to faucet owners. There are still some logic problems in that code but so far every "exploit" requires admin login. I will take a look at the fixed version.
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:

Code:
if(isset($_COOKIE['remember'])){
  $_SESSION['admin']=true;
}

This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!

You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone.

So do not use this script!
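
An added example (not Faucet-Builder's code and not the fix the OP shipped): a "remember me" check in which the cookie must carry a random token that the server issued and can look up, so the cookie's mere presence grants nothing. The function names, the in-memory `$store`, the 14-day lifetime and the `/admin/` cookie path are assumptions made for illustration.

```php
<?php
// Added example, not Faucet-Builder code. $store is a stand-in for a DB table
// mapping sha256(token) => expiry timestamp.

// Called once, right after a successful password login with "remember" ticked.
function issue_remember_token(array &$store, int $ttl = 1209600): string {
    $token = bin2hex(random_bytes(32));              // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = time() + $ttl;  // server keeps only the hash
    return $token;                                   // this value goes in the cookie
}

// True only when the cookie value is a live token this server issued.
function check_remember_token(array &$store, ?string $cookie): bool {
    if ($cookie === null || !preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return false;                                // absent or malformed
    }
    $key = hash('sha256', $cookie);
    $expiry = $store[$key] ?? 0;                     // 0 when the token is unknown
    unset($store[$key]);                             // single use, even on failure
    return $expiry >= time();
}

// Replacement for the isset($_COOKIE['remember']) branch (hypothetical wiring).
function restore_admin_from_cookie(array &$store): bool {
    $cookie = $_COOKIE['remember'] ?? null;
    if (!check_remember_token($store, is_string($cookie) ? $cookie : null)) {
        return false;
    }
    session_regenerate_id(true);                     // new session id on privilege change
    $_SESSION['admin'] = true;
    setcookie('remember', issue_remember_token($store), [   // rotate the token
        'expires' => time() + 1209600, 'path' => '/admin/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
    return true;
}

// Constructed demo, runs under the PHP CLI without a web request.
if (PHP_SAPI === 'cli') {
    $store = [];
    $issued = issue_remember_token($store);
    var_dump(check_remember_token($store, '1'));      // value invented by the client
    var_dump(check_remember_token($store, $issued));  // value the server issued
    var_dump(check_remember_token($store, $issued));  // same value replayed
}
```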
newbie
Activity: 40
Merit: 0
Do any of you guys know websites in Russia that are active in promoting bitcoin services?
I see many Russians on my site. Would love to focus there to see if I can get some traction.

Or do you have any suggestions on how to get more traction? I'm thinking maybe spending some ad $ on btc ad services.
newbie
Activity: 40
Merit: 0
It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before I think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.
$0 price would be nice, I can install this on my .work domain name but I will prefer the ad free script.

Sorry, I'm not sure I follow. You can get the script straight from the website for free and create your faucet with the instructions.
Can you clarify what you need?

faucetbuilder.com
sr. member
Activity: 392
Merit: 250
It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before I think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.
$0 price would be nice, I can install this on my .work domain name but I will prefer the ad free script.
newbie
Activity: 40
Merit: 0
It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.

I prefer to have people try it and create faucets before I think of charging money. If you provide faucet name and email you can download it for free on the website.
In other words, you can buy the script for free. The price is 0.
full member
Activity: 210
Merit: 100
It is a very nice website and I like the way you placed the adverts, it is better you sell the script because the gains in the faucet hosting is the money made from the adverts.
I am interested in buying the script.
PM me your price.
legendary
Activity: 2044
Merit: 1075
Interesting, I'll try your script.
Just keep up your great work...
newbie
Activity: 40
Merit: 0
It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet.
I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!
Nice to offer free script, there should be a demo of how the site will look like, this will motivate people to show interest and also offer free installations and request for compulsory donations.

Thanks and this is good suggestion. I hope to add a few different template examples. I'm talking with a guy who has a few different faucets that he customizes from scratch. I will add some updates once it's live!

Thanks for trying it btw.
legendary
Activity: 3444
Merit: 3469
Here is a demo: http://freebtc.work (I added an advert).
Nice script, easy to install.
OP, can I ask you some questions by PM? Need a little help.
sr. member
Activity: 434
Merit: 250
It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet.
I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!
Nice to offer free script, there should be a demo of how the site will look like, this will motivate people to show interest and also offer free installations and request for compulsory donations.
newbie
Activity: 40
Merit: 0
It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?

For now the idea was to try and have some donations and not put ads. But no one has tipped yet.
I would really prefer to not have to put ads..

I just want to see more people making faucets with my script!
sr. member
Activity: 434
Merit: 250
It is good to know that this is free but I hope you will not have some adverts displayed on the faucet website?