Pages:
Author

Topic: Would there be an interest for a Bitcoin Gambling Source? | Become the House (Read 2437 times)

member
Activity: 65
Merit: 10
how much knowledge do i need to know in order to keep it running? can it be tweaked and changed if needed? now i am a novice at websites and any sort of programming so could you explain how the code works in a summarised way?

cheers Grin
full member
Activity: 188
Merit: 100
Can vouch for this user, really knows his stuff.

You have even less reputation than OP!

lol this thread is just funny.

Thanks you guys. I LOL'd too.
newbie
Activity: 42
Merit: 0
And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.

You're both idiots.

First of all, I could easily check where the requests are coming from, second of all, the user sees their cashout address prior to clicking cashout.

They could easily change it back to their address.

Lol.  Please point out these 'other vulnerabilites.'
full member
Activity: 196
Merit: 100
And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.

Just let him be. This kid is not worth anyone's time.
vip
Activity: 1316
Merit: 1043
👻
And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

Are you not aware of CSRF? I don't need someone's login. I just need to know someone's bitcoin address and I can silently update it.
newbie
Activity: 42
Merit: 0
I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Just ignore Loker...

Just ignore me?  My source has no vulns.  Lol.
full member
Activity: 196
Merit: 100
I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Just ignore Loker...
newbie
Activity: 42
Merit: 0
I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.

Lol.  This does the same exact thing as what my script that changes people's address' does.

Their address can't be changed unless they enter theirs...

And no, you can't do that unless you have their log-in.  In which case they'd simply be 'hacked'

I usually don't express myself as such, but frankly: you're a fucking moron.

Not even going to bother verifying where the HTTP request is coming from because your script is 100% useless and most users here won't be able to realize that.

Regardless, feel free to point out any vulns.  I'd LOVE to see 'em.
vip
Activity: 1316
Merit: 1043
👻
I'm sorry but your site is horribly insecure. If I know a user's Bitcoin address, I can change their cashout address to mine. Silently.

Proof of concept: http://ca3.cc/poc.php

lrn2security. Anyone who buys broken scripts is an idiot and will get hacked, because there's quite a few other vulnerabilities too.
newbie
Activity: 42
Merit: 0
Anyone that may be interested, feel free to shoot me a Pm.
newbie
Activity: 42
Merit: 0
Fixed.  Forgot to parameterize my prepared statement that handled the updating of balance.
newbie
Activity: 42
Merit: 0
Aside from little bugs like that that are fixable, it's actually really secure.

Sorry, I don't trust a developer anymore that tries to sell a gambling site that in its current form allows anyone to cheat the house and then claim "yeah it's fixable". I bet you would've done nothing about it if I didn't point it out in this thread to you and you would just let the first sucker buying this PoS walk away without the notice that it's seriously fubar.

Wrong.  Reread my response..
full member
Activity: 196
Merit: 100
Aside from little bugs like that that are fixable, it's actually really secure.

Sorry, I don't trust a developer anymore that tries to sell a gambling site that in its current form allows anyone to cheat the house and then claim "yeah it's fixable". I bet you would've done nothing about it if I didn't point it out in this thread to you and you would just let the first sucker buying this PoS walk away without the notice that it's seriously fubar.
newbie
Activity: 42
Merit: 0
I do not suggest anyone to buy this. The site is insanely insecure and I currently own more fake gambling coins that there will ever be bitcoins (on his demo site).

Lol.  1. It's not complete and hasn't been bug-tested, 2. I have written up a file that will be a cron-job constantly checking for malicious bettors and 3. It's a sample and I never said in anyw way, shape, or form that it's 100% secure.  If it was EVER to go live it would be, however.

Not to mention, you or anyone that maliciously gained balance would never be able to cash them out.  Aside from little bugs like that that are fixable, it's actually really secure.

It makes use of prepared statements disallowing any type of database injection or manipulation.
full member
Activity: 196
Merit: 100
I do not suggest anyone to buy this. The site is insanely insecure and I currently own more fake gambling coins that there will ever be bitcoins (on his demo site).
newbie
Activity: 42
Merit: 0
You could propably post a demo that uses play money, and would be easier to get a feel for your software then the video.

Added a demo-site.  Balance is auto-added to users that register so you can toy around with it.
sr. member
Activity: 448
Merit: 250
Changing avatars is currently not possible.
You could propably post a demo that uses play money, and would be easier to get a feel for your software then the video.
newbie
Activity: 42
Merit: 0
Failing to understand that.  Reuploaded: https://vimeo.com/71077590
sr. member
Activity: 322
Merit: 250
I myself was interested in running and managing a bitcoin gambling site, but I reside in the US.
Why not to operate website anonymously via VPN or make it accessible via TOR like Silkroad!?

Can't tell if troll.

I'd love to have the source, i'm not that great at programming, but I could use this to make something.

It'd be for a hefty price of course, just due to the return you'd make off of it.

It's not for children, only for serious entrepreneurs (not saying you aren't one).  But if you don't have the money to put down for it, including the money to back the site's payroll, don't bother looking into it.

Lost all respect.
Pages:
Jump to: