9 points | by redactsure 8 hours ago
8 comments
i took the coins (temp email cikito2131@evoxury.com) went to the tools site you linked, main page and to the tool that makes pictures from text. pasted into textbox and it wasn't hidden. Spent more time figuring out how to do the wallet stuff
lol that's dumb of me. I figured one of the websites would have a vulnerability like that. Images should be hidden but clearly not!
Anyways. Thanks for the feedback! I'll be back when I add a patch.
bug was literally 1 line of code.
I might be back up today if you want another shot.
I had no idea evil tester website had so many tools throughout it!
Smart people exist.
> 15 minute time limit per session
Why? That's not how security works.
I have to to host a gpu node per session so 15min is to reduce cost and allow more people to try it.
It's not traditional security testing. I want you to break the hiding algorithm which requires no security knowledge other than copy paste and typing.
The private key is in plain text on the instance you can copy and paste it or delete it anywhere you like.
So its over and 3PCVMB3GfvRrMG9cav6EQwSBoWzjS7gLiW got it?
yup if I can fix the problem today I'll launch tomorrow same thing.
i took the coins (temp email cikito2131@evoxury.com) went to the tools site you linked, main page and to the tool that makes pictures from text. pasted into textbox and it wasn't hidden. Spent more time figuring out how to do the wallet stuff
lol that's dumb of me. I figured one of the websites would have a vulnerability like that. Images should be hidden but clearly not!
Anyways. Thanks for the feedback! I'll be back when I add a patch.
bug was literally 1 line of code.
I might be back up today if you want another shot.
I had no idea evil tester website had so many tools throughout it!
Smart people exist.
> 15 minute time limit per session
Why? That's not how security works.
I have to to host a gpu node per session so 15min is to reduce cost and allow more people to try it.
It's not traditional security testing. I want you to break the hiding algorithm which requires no security knowledge other than copy paste and typing.
The private key is in plain text on the instance you can copy and paste it or delete it anywhere you like.
So its over and 3PCVMB3GfvRrMG9cav6EQwSBoWzjS7gLiW got it?
yup if I can fix the problem today I'll launch tomorrow same thing.