Topic: Start your Dice casino site! CoinDice 1.0 script [1.1 BTC] - page 2. (Read 23375 times)

member
Activity: 98
Merit: 10
Trust:+4:20--Warning* ASICs with extreme hashrate!
Use your own design.

I do not recommend buying this.


Looking into this cesspool --- for once I may agree with you! =\ *will report back*
legendary
Activity: 1135
Merit: 1002
Developer
Check your skype I sent the 1.1BTC and waiting for your response. Thank you!

Responded. Thank you!
legendary
Activity: 1135
Merit: 1002
Developer
Any news?

I think it's more complex to build in the EMunie API. We are Bitcoin API pros, but we have zero experience with EMunie, as it works on a completely different principle and API than most of the cryptos.

I think it's work for EMunie professionals; that's what I can say now.

Sorry
member
Activity: 91
Merit: 10
Any news?
newbie
Activity: 1
Merit: 0
Looking to buy this if all the other sales give positive feedback on it. As it seems a few customers have been unanswered.
full member
Activity: 176
Merit: 102
https://www.cryptopia.co.nz
I would love to give imrer and johny the benefit of the doubt, but with absolutely no response via email, and the responses here being very defensive and unhelpful I dunno that I can much longer.
member
Activity: 72
Merit: 10
My name is Juan Tuan. I want Chinese food.
I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.

Perhaps.
hero member
Activity: 938
Merit: 1001
I am willing to evaluate the code, but have any of the creators messaged you back?

I have received no response, don't know about others. Perhaps johny is still busy with the script he said he would make on 02/05/2014.
member
Activity: 72
Merit: 10
My name is Juan Tuan. I want Chinese food.
I am willing to evaluate the code, but have any of the creators messaged you back?
member
Activity: 84
Merit: 10
So it's been a lot more than a few hours....

Yeah, hmmm.

Any updates Johny?
full member
Activity: 176
Merit: 102
https://www.cryptopia.co.nz
So it's been a lot more than a few hours....
legendary
Activity: 1135
Merit: 1002
Developer
I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.

I understand your position and I'm sorry for your loss. Stay in touch until we get the security research result.

If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,

Working on it, sending in a few hours.
full member
Activity: 176
Merit: 102
https://www.cryptopia.co.nz
I said they were POTENTIALLY holes, so calm down. I've had ~1,000,000 VOLT, ~60,000 BIC, ~30,000 DGB and ~10,000 POT stolen, so if anyone should be getting antsy it's me.
member
Activity: 84
Merit: 10
If no flaw has been found then why did the exact same thing happen to two different people? It seems something shifty is going on imo.

Johny please send me the fixes I requested as well. With the finished files I will send it all off to a verified security researcher and from there I will find out the truth.

Thanks,
legendary
Activity: 1135
Merit: 1002
Developer
Passwords are stored as MD5 hashes.

There's no such thing in requestAccess.php:



It may have been edited by someone else (a hacker).

admin/ajax/delete_admin.php:

I think it's OK; what's wrong with that?

jonstaz, we didn't steal anything from you.


If there was a wallet theft, it could be a security error. We'll do security research tonight and we'll let you know.


My bad, it's in /admin/index.php not requestAccess.php

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
    include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.




if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
    include './pages/'.$_GET['p'].'.php';

This is OK. It's including the file only if the file is located in the /pages folder. That's standard procedure.

is that _GET is in the URL, which allows for an injection ...

There is function prot(), which protects the query against sql injection.

and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Every included file contains this row at the beginning:



BTW, you can't include a remote PHP file from another server, because the web service never gives the unexecuted file.

So it means that no flaw has been found.

Please read something about PHP before you claim something like this.
full member
Activity: 176
Merit: 102
https://www.cryptopia.co.nz
Passwords are stored as MD5 hashes.

There's no such thing in requestAccess.php:



It may have been edited by someone else (a hacker).

admin/ajax/delete_admin.php:

I think it's OK; what's wrong with that?

jonstaz, we didn't steal anything from you.


If there was a wallet theft, it could be a security error. We'll do security research tonight and we'll let you know.


My bad, it's in /admin/index.php not requestAccess.php

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
    include './pages/'.$_GET['p'].'.php';

So the problem with that, and admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

is that _GET is in the URL, which allows for an injection, we can put any .php in there, and because you don't have any IN_SCRIPT variables defined there's nothing preventing included pages being accessed directly.

Just hashing the passwords in MD5 isn't good enough, you at very least need to salt each of the hashes.

There are no transactions for admin deposits or withdrawals.


legendary
Activity: 1135
Merit: 1002
Developer
Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
    include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non-salted MD5 hashes :(

Passwords are stored as MD5 hashes.

There's no such thing in requestAccess.php:



It may have been edited by someone else (a hacker).

admin/ajax/delete_admin.php:

I think it's OK; what's wrong with that?

jonstaz, we didn't steal anything from you.


If there was a wallet theft, it could be a security error. We'll do security research tonight and we'll let you know.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Buyers want to be the house, only to find out they are the gamblers....oops.
hero member
Activity: 938
Merit: 1001
I also bought the script. PM me for more info. I like to keep things private.
full member
Activity: 176
Merit: 102
https://www.cryptopia.co.nz
Found a couple of potential holes:

requestAccess.php:

if (!empty($_GET['p']) && file_exists('./pages/'.$_GET['p'].'.php'))
    include './pages/'.$_GET['p'].'.php';

admin\ajax\delete_admin.php:

mysql_query("DELETE FROM `admins` WHERE `id`='".prot($_GET['_admin'])."' LIMIT 1");

Also it looks like the passwords are stored as non-salted MD5 hashes :(
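The three snippets argued over in this thread (the `$_GET['p']` include, the `prot()`-escaped DELETE, and the plain MD5 password storage) each have a standard hardened form. The block below is an added example and is not code from the CoinDice script or from either poster; it assumes a PDO connection `$pdo`, admin pages under `./pages/`, an `admins` table with `id` and `password` columns, and placeholder page names in `ALLOWED_PAGES`. The point it makes is the one the thread circles around: `file_exists()` only confirms that some file exists at the string the request built, it does not confine that string to `pages/`; an escaping helper is not the same guarantee as a parameterised query; and a salt alone does not turn MD5 into a password hash.

```php
<?php
// Added example (not code from the CoinDice script): hardened counterparts to
// the three snippets discussed in this thread. Assumptions: $pdo is a PDO
// connection, admin pages live under ./pages/, and the `admins` table has
// `id` and `password` columns. Page names in ALLOWED_PAGES are placeholders.
declare(strict_types=1);

// 1. Page include. file_exists() only proves that *some* file exists at the
//    string built from $_GET['p']; it does not confine that string to ./pages/.
//    An allowlist of page names does, and the realpath() check below is a
//    second line of defence in case the allowlist is ever loosened.
const ALLOWED_PAGES = ['dashboard', 'users', 'withdrawals', 'settings'];

function resolvePage(string $p): ?string
{
    if (!in_array($p, ALLOWED_PAGES, true)) {
        return null;                          // unknown page name: refuse, never guess
    }
    $base = realpath(__DIR__ . '/pages');
    $path = realpath(__DIR__ . '/pages/' . $p . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                          // missing, or resolved outside pages/
    }
    return $path;
}

// Every file under pages/ begins with a guard so it cannot be requested directly:
//     if (!defined('IN_SCRIPT')) { http_response_code(403); exit; }
// and this dispatcher defines the constant before including anything.
define('IN_SCRIPT', true);

// 2. Admin delete. A prepared statement keeps the id out of the SQL text, so
//    correctness no longer depends on what an escaping helper like prot() does.
//    The id is validated as an integer and an admin cannot delete itself.
function deleteAdmin(PDO $pdo, string $rawId, int $currentAdminId): bool
{
    if (!ctype_digit($rawId) || (int)$rawId === $currentAdminId) {
        return false;
    }
    $stmt = $pdo->prepare('DELETE FROM `admins` WHERE `id` = :id LIMIT 1');
    $stmt->execute([':id' => (int)$rawId]);
    return $stmt->rowCount() === 1;
}

// 3. Passwords. password_hash() produces a per-password salted hash with a
//    deliberately slow algorithm (bcrypt under PASSWORD_DEFAULT); MD5, salted
//    or not, is fast enough to be guessed offline at scale.
function storePassword(PDO $pdo, int $adminId, string $plain): void
{
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('UPDATE `admins` SET `password` = :h WHERE `id` = :id');
    $stmt->execute([':h' => $hash, ':id' => $adminId]);
}

function checkPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Dispatcher: the only place a request parameter turns into an include.
$requested = isset($_GET['p']) && is_string($_GET['p']) ? $_GET['p'] : '';
$page = resolvePage($requested);
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $page;
```

Two design notes. The admin delete in the thread is driven by a GET parameter; even with perfect escaping, a state change reachable by URL can be triggered by a link the admin is tricked into opening, so `deleteAdmin()` is meant to sit behind a POST handler that also checks a CSRF token. And for an existing install, the password migration is incremental: on each successful login against the old MD5 value, re-hash with `password_hash()` and overwrite the row, so no plaintext list is ever needed.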