TYJ, February 26, 2015 (edited):
Hi. I already opened a thread in the "Help" section, but I think it belongs here in Market, because I'm offering money to whoever can help me.
> https://rstforums.com/forum/97877-ajutor-securitate-site-bug-bounty-platforma-bitcoin-dice.rst
I've just finished a Bitcoin project and I'd like to test whether it is vulnerable. Any vulnerability found gets a reward. XSS, CSRF, SQLi etc.
It's a gambling site (Bitcoin dice).
I've also paid a firm that specializes in this area, but they can't start testing until Monday, and before Monday I'd like to get an idea.
The site is: wishdice.com
Proof that it's mine: http://wishdice.com/rst.txt
The platform is WordPress, adapted and modified to work correctly with the game system.
Active plugins: Advanced Custom Fields, BAW Anti CSRF, BruteProtect, Easy FancyBox, iThemes Security, Login Widget With Shortcode, Mingle Users Online, qrcode_wprhe, Really Simple CAPTCHA, Simple Ajax Chat, TablePress Extension: Table AJAX refresh
There is also a BITCOIN FAUCET of 0.00100000 on TestNet. The site is in testing at the moment.
You can also use scanners, but you will most likely get banned automatically.
I'm interested in vulnerabilities that can be exploited. For the design/graphics side I know where the problems are.
Whoever finds vulnerabilities, let me know by PM. Please don't exploit them in order to receive the reward.
Thanks!
I have a cheap VPS where the site was built and I installed the bitcoin client. Don't try DDoS or scanners, it will surely go down. I'll get a proper VPS once I'm sure it isn't vulnerable.
Edited February 27, 2015 by TYJ
EAdrian, February 26, 2015:
Vulnerabilities aside... click on news and then on play.
TYJ (author), February 26, 2015:
> Vulnerabilities aside... click on news and then on play.
Thanks for the heads-up. rolldice.ro doesn't even exist. The site was built offline on localhost. I edited the hosts file in c:/windows/system32/drivers/etc and used that domain.
I'm only interested in the vulnerabilities at the moment. I'll deal with the graphics once I've fixed the vulnerabilities. I want to invest time in security first, then in the other things.
Guest Kronzy, February 27, 2015 (edited):
Well man, how do you expect us to find anything if there's almost nothing on it, there's no login... you only have that register form.
Index of /wp-content
Index of /wp-includes
Put an empty index.html in there..
Edited February 27, 2015 by Kronzy
DOC2tochu, February 27, 2015:
> Well man, how do you expect us to find anything if there's almost nothing on it, there's no login... you only have that register form.
The truth is you're bound to find something.
TYJ (author), February 27, 2015:
> Well man, how do you expect us to find anything if there's almost nothing on it, there's no login... you only have that register form.
It says in big red letters: IT'S DOWN AT THE MOMENT. I'M SWITCHING THE VPS FOR A BETTER ONE AND I'LL BE BACK!
I'll switch it today and then it can come back up.
Guest Kronzy, February 28, 2015 (edited):
Well..
FPD:
1. http://wishdice.com/wp-content/themes/twentythirteen/index.php (you fix it with: error_reporting(0);)
2. http://wishdice.com/wp-content/plugins/easy-fancybox/easy-fancybox.php
File listing:
1. Index of /wp-content/themes/twentythirteen/images (put an empty index.html there)
2. Index of /wp-content/plugins/simple-ajax-chat
3. Index of /wp-includes
4. http://wishdice.com/wp-content/plugins/easy-fancybox/
5. http://wishdice.com/wp-content/
Even though you changed the wp-admin path, it is very easy to find: http://wishdice.com/sqwz21gnipmq
Go to http://wishdice.com/news/, click on fair, and you can see the code..

<?php
// Roll verification as shown on the site's "fair" page.
$clientSeed = "YOUR-CLIENT-SEED";
$serverSeed = "The-SERVER-SEED";
$globalSeedVarchar = $clientSeed . $serverSeed;
// Character table used to turn the seed string into an integer
// (note: "k" comes before "j" in the original table).
$validSeedChar = array(
    "a","b","c","d","e","f",
    "g","h","i","k","j","l",
    "m","n","o","p","q","r",
    "s","t","u","v","w","x",
    "y","z","0","1","2","3",
    "4","5","6","7","8","9");
$globalSeedInt = 0;
for ($i = 0; $i < strlen($globalSeedVarchar); $i++) {
    $char = substr($globalSeedVarchar, $i, 1);
    // array_search() returns false for characters not in the table (e.g. "-"); intval(false) is 0
    $addThis = intval(array_search(strtolower($char), $validSeedChar));
    if (ctype_upper($char)) {
        // upper-case letters are weighted by the total length of the combined seed
        $changeThis = strlen($globalSeedVarchar);
        $globalSeedInt = $globalSeedInt + ($addThis * $changeThis);
    } else {
        $globalSeedInt = $globalSeedInt + $addThis;
    }
}
// The integer seeds PHP's (non-cryptographic) rand()
srand($globalSeedInt);
$roll = number_format((rand(1, 10000) / 100), 2, '.', '');
echo $roll;
?>

Edited February 28, 2015 by Kronzy
Erase, February 28, 2015:
> FPD: 1. http://wishdice.com/wp-content/theme...teen/index.php (you fix it with: error_reporting(0);)
You don't solve the error by hiding it, Kronzy. (I hope you're not a dev.)
I guess I'm off topic, but when I see nonsense written in the little time I spend on the forum, I can't help posting.
Those of you who know PHP well, pull his ears.
TYJ (author), February 28, 2015:
> Well..
> FPD:
> 1. http://wishdice.com/wp-content/themes/twentythirteen/index.php (you fix it with: error_reporting(0);)
> [...]
> Go to http://wishdice.com/news/, click on fair, and you can see the code..
> [...]
Thanks.
The FAIR part is meant to be like that.
With that code you can check whether the bet was made honestly or rigged. Whether you lost fairly or I made you lose.
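An added example, not code from the site or from anyone in this thread: a Python re-implementation of the seed reduction in the PHP posted above, which shows that the integer handed to srand() is bounded by 35·len² and that different seeds collide (the combined strings "abc" and "acb" both give 3), so a player checking the roll cannot tell which server seed was actually used. Beside it is the commit-reveal HMAC-SHA256 scheme commonly used by provably-fair dice sites, in which the player verifies both the hash published before the bet and the roll; the function names commit, hmac_roll and verify are my own.

```python
import hashlib
import hmac

# Character table copied from the posted PHP (note: 'k' precedes 'j').
VALID_SEED_CHARS = list("abcdefghikjlmnopqrstuvwxyz0123456789")

def site_seed_int(client_seed: str, server_seed: str) -> int:
    """Re-implementation of the integer the posted PHP passes to srand()."""
    combined = client_seed + server_seed
    total = 0
    for ch in combined:
        low = ch.lower()
        # PHP array_search() returns false for chars such as '-'; intval(false) == 0
        idx = VALID_SEED_CHARS.index(low) if low in VALID_SEED_CHARS else 0
        total += idx * len(combined) if ch.isupper() else idx
    return total

def max_seed_int(combined_length: int) -> int:
    """Largest value site_seed_int() can reach: every char at index 35, all upper-case."""
    return 35 * combined_length * combined_length

# Commit-reveal scheme (assumed here, not the site's code): the operator publishes
# sha256(server_seed) before the bet and reveals server_seed after it.
def commit(server_seed: str) -> str:
    return hashlib.sha256(server_seed.encode()).hexdigest()

def hmac_roll(server_seed: str, client_seed: str, nonce: int) -> float:
    """Roll in 0.00..99.99 derived from HMAC-SHA256(server_seed, client_seed:nonce)."""
    digest = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(),
                      hashlib.sha256).hexdigest()
    # 5 hex chars = 20 bits; reject values >= 1,000,000 so that % 10,000 is unbiased
    for i in range(0, len(digest) - 4, 5):
        value = int(digest[i:i + 5], 16)
        if value < 1_000_000:
            return (value % 10_000) / 100
    return 99.99  # all 12 chunks rejected: probability below 1e-16

def verify(commitment: str, server_seed: str, client_seed: str,
           nonce: int, claimed_roll: float) -> bool:
    """Player-side check: revealed seed matches the commitment and reproduces the roll."""
    return (commit(server_seed) == commitment
            and hmac_roll(server_seed, client_seed, nonce) == claimed_roll)
```

With the site's scheme a seed of the length shown on the page (31 characters combined) maps into at most 35·31² + 1 distinct integers, whereas the HMAC digest gives each seed pair its own 256-bit input.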
yo20063, February 28, 2015:
ClickJacking, put a frame buster on it.
cehov, February 28, 2015:
http://wishdice.com/info.php should not be listed
Index of /wp-includes/js/swfupload has an exploit (relax, I didn't upload anything to the site)
http://wishdice.com/wp-includes/error_log should not be listed
http://wishdice.com/wp-includes/ID3/error_log should not be listed
http://www.wishdice.com/wp-content/plugins/simple-ajax-chat/error_log should not be listed
http://wishdice.com/wp-includes/theme-compat/error_log should not be listed
http://wishdice.com/?action=creazaUser&user=xxxxx doesn't this fill up your wp_users table?
metasploit2015, February 28, 2015:
File listing: Index of /wp-content//plugins/login-sidebar-widget
FPD: http://wishdice.com/wp-includes/rss-functions.php
Delete this: WordPress › ReadMe
DOC2tochu, February 28, 2015:
> Well..
> FPD:
> 1. http://wishdice.com/wp-content/themes/twentythirteen/index.php (you fix it with: error_reporting(0);)
> [...]
Those are all scanner findings, probably Netsparker. Now fuck off, we can all do that too.
TYJ (author), March 1, 2015:
> http://wishdice.com/info.php should not be listed
> Index of /wp-includes/js/swfupload has an exploit (relax, I didn't upload anything to the site)
> [...]
> http://wishdice.com/?action=creazaUser&user=xxxxx doesn't this fill up your wp_users table?
http://wishdice.com/?action=creazaUser&user=xxxxx1 > does that work for you?
yo20063, March 1, 2015:
> | WishDice > does that work for you?
It works via POST, you have several things that work via POST; note that checkrolldice and checkpass use the same session hash, and if someone manages to figure out the algorithm, it's one hell of a CSRF.
and... good luck
TYJ (author), March 1, 2015:
> It works via POST, you have several things that work via POST; note that checkrolldice and checkpass use the same session hash, and if someone manages to figure out the algorithm, it's one hell of a CSRF.
> and... good luck
A token could be added, but that's not a problem.. After about 10 accounts created it restricts your access.
yo20063, March 1, 2015 (edited):
Well, think about someone making a script that uses a proxy list..... wouldn't it be better to put a captcha?
// I didn't say to put it on login, but on register, a one time deal.
Edited March 2, 2015 by yo20063
TYJ (author), March 2, 2015:
> Well, think about someone making a script that uses a proxy list..... wouldn't it be better to put a captcha?
Would you have the patience to visit a site in a hurry and be bothered by a captcha? Especially if we put Google's captcha on and you can barely decipher that code.
Thanks for the advice, but there is something simpler. After 10 accounts created (or however many I choose to set) it restricts your access to account creation.
TYJ (author), March 2, 2015:
> Well, think about someone making a script that uses a proxy list..... wouldn't it be better to put a captcha?
> // I didn't say to put it on login, but on register, a one time deal.
Even on register it's annoying. Anyway, I told you I have other protection. If you make 10 accounts it blocks you.
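An added example illustrating the two defences argued over above (yo20063's point that checkrolldice and checkpass share one session hash, and TYJ's ten-accounts limit); this is my own code, not the site's, and the endpoint names and limits are taken from the thread while the class and function names are assumed. A per-action token derived with HMAC from a random session secret means one action's token cannot be replayed against another, and a sliding-window counter keyed by client address is the "block after 10 accounts" rule; as yo20063 notes, a proxy list defeats a per-address key, which is the reason to add a register-time captcha on top.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

def new_session_secret() -> bytes:
    """Random per-session secret; nothing to 'figure out', unlike a derived session hash."""
    return secrets.token_bytes(32)

def make_csrf_token(session_secret: bytes, action: str) -> str:
    """Per-action token: 'checkrolldice' and 'checkpass' get different values in one session."""
    return hmac.new(session_secret, action.encode(), hashlib.sha256).hexdigest()

def check_csrf_token(session_secret: bytes, action: str, token: str) -> bool:
    """Constant-time comparison so a wrong token leaks nothing about the right one."""
    return hmac.compare_digest(make_csrf_token(session_secret, action), token)

class RegistrationLimiter:
    """Allow at most `limit` account creations per client key inside `window` seconds."""

    def __init__(self, limit: int = 10, window: float = 3600.0):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # client key -> timestamps of accepted registrations

    def allow(self, client_key: str, now=None) -> bool:
        now = time.time() if now is None else now
        q = self.hits[client_key]
        while q and q[0] <= now - self.window:   # drop entries older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False                          # block the 11th account in the window
        q.append(now)
        return True
```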
Anonym13, March 13, 2015:
I like the BruteProtect plugin, congratulations on the choice.
Guest AndreiMihai, March 13, 2015:
When you finish the site completely and it's 100% functional, post about it, because I want to join too.