MNG, posted June 23, 2013 (edited June 23, 2013 by MNG)

I talked to Rockwood and that guy is great, and he has told me my credit system is exploitable. So now today a user has hacked over billions of credits on my game. No big deal, all fixed. But I need someone to look on my site and find more exploits. I am willing to pay 5-10$ per page to be secured. I need about 2-3 pages secured that I know of. I need this ASAP.

Grant1998, posted June 23, 2013

I can do this. I know how to find out the pages that are vulnerable to an attack.

Lucifer.iix, posted November 19, 2013

> I am willing to pay 5-10$ per page to be secured

And how would you know it's secure or fixed? And when are you going to pay him? When you think it's secure, or when he says so...

Why not just make the price you get reporting a bug to you has more value than the billions of fake credit. That is what all the other companies like Google and MS are doing...

Happy Hacking: Roger.

Curt, posted November 19, 2013

From what you said, this sounds like a simple SQL "hack". Review your script and make sure any $_GET/$_POST is secure. Seeing as this is a credit feature, I would assume all form data is numbers. In that case simply do

$_GET['your_var_here'] = abs((int) $_GET['your_var_here']);

Dominion, posted November 19, 2013

> Why not just make the price you get reporting a bug to you has more value than the billions of fake credit. That is what all the other companies like Google and MS are doing... Happy Hacking: Roger.

Microsoft and Google are doing what? I don't understand that sentence.

Lucifer.iix, posted November 19, 2013 (edited November 19, 2013 by Lucifer.iix)

@Dominion: Doesn't matter, I'm not English. Here you go: http://uk.reuters.com/article/2013/10/08/us-microsoft-cybersecurity-idUKBRE9970YK20131008

So how much value do your credits have? If I can choose between cheating and winning or 10 dollars, I will cheat and win the game. But for 50 dollars, who cares about the game... It's also nice to be a `special` member for the game (maybe free play) and your name somewhere in the credits.

Happy Hacking: Roger.

PS: I will always tell, I don't care about games. Like programming too much for that.

URBANZ, posted November 20, 2013

It will not be any of them. Ages ago there was a simple trick to do, and that is: save your donation page, change the URL to sandbox.paypal and pay with a sandbox account, or even just change the price of the pack to $0.1, and it would still get credited.

The best way to stop it is to check the postback URL, email and the price of the upgrade in the IPN against the values in the database, and also, for extra security, add an encrypted secret in the donation that encrypts the email, price etc. with SHA256 or something similar, so the user cannot change the values without it being detected.

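The checks URBANZ describes, sketched in PHP as an added example (not code from the thread or from the game): the IPN's receiver, status, currency and amount are compared with server-side values, and an HMAC-SHA256 tag (a keyed hash, used here instead of encryption) carried in the `custom` field is verified. The address, key, pack table, helper names and both sample notifications are constructed for illustration.

```php
<?php
// Added example. Address, key, pack data and both notifications are constructed.
const RECEIVER = 'payments@example.test';    // the game's own PayPal address
const SECRET   = 'long-random-server-side-key';
const PACKS    = ['pack_1' => ['price' => '5.00', 'currency' => 'USD']]; // stand-in for the database

// Keyed hash placed in the button's "custom" field as "userId:tag" when the page is rendered.
function sign_order(string $userId, string $item, string $price): string {
    return hash_hmac('sha256', "$userId|$item|$price", SECRET);
}

function to_cents(string $amount): int {
    return is_numeric($amount) ? (int) round((float) $amount * 100) : -1;
}
// Returns the reasons to reject; an empty array means the credits may be granted.
// Assumes the post-back to PayPal (cmd=_notify-validate) has already answered VERIFIED.
function check_ipn(array $ipn): array {
    $item = (string) ($ipn['item_number'] ?? '');
    if (!array_key_exists($item, PACKS)) {
        return ['unknown item'];
    }
    $pack = PACKS[$item];
    $errors = [];
    if (!empty($ipn['test_ipn'])) {
        $errors[] = 'sandbox notification';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', RECEIVER) !== 0) {
        $errors[] = 'paid to another account';
    }
    if (($ipn['mc_currency'] ?? '') !== $pack['currency']
        || to_cents($ipn['mc_gross'] ?? '') !== to_cents($pack['price'])) {
        $errors[] = 'amount differs from stored price';
    }
    [$userId, $tag] = array_pad(explode(':', $ipn['custom'] ?? '', 2), 2, '');
    if (!hash_equals(sign_order($userId, $item, $pack['price']), $tag)) {
        $errors[] = 'custom field altered';
    }
    return $errors;
}

$good = ['item_number' => 'pack_1', 'payment_status' => 'Completed', 'mc_gross' => '5.00',
         'mc_currency' => 'USD', 'receiver_email' => RECEIVER,
         'custom' => '42:' . sign_order('42', 'pack_1', '5.00')];
$edited = ['mc_gross' => '0.10', 'test_ipn' => '1'] + $good;   // price and sandbox flag altered
echo json_encode([check_ipn($good), check_ipn($edited)]), "\n";
```

The price used for both the amount check and the tag comes from the server's own pack table, so a value edited in the submitted form never decides how many credits are granted.
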