big bug all version poker mavens 4.18, 4.17, ...

Report bugs found in Poker Mavens

Post by maghlub » Mon Apr 21, 2014 1:19 am

My PHP files have no bugs, but someone can inject money into the site.
I think the software API has a bug. I made a whitelist only for my IP, but he can still make changes to users.
maghlub
 
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by Kent Briggs » Mon Apr 21, 2014 9:24 am

maghlub wrote: My PHP files have no bugs, but someone can inject money into the site.
I think the software API has a bug. I made a whitelist only for my IP, but he can still make changes to users.

API calls will show up in the Event Logs. Do your event logs show activity from someone other than you?
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3806
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by maghlub » Mon Apr 21, 2014 3:10 pm

Is it possible to send a balance-raising command using a web socket?

He claimed that he can make the hand shown during the game.

I don't know how, but I was watching the accounts list and suddenly an account was created with a 4.000.000 balance in front of my eyes. :shock:

Also, owners of other servers told me they have seen this too.

Attachments
Snapshot_2014-04-22_002440.jpg (7.26 KiB): I think before he injects balance this error appears here.
Snapshot_2014-04-22_002506.jpg (6.36 KiB): When he injects balance, type "Account" is inserted here, but not "Remote".
maghlub
 
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by maghlub » Mon Apr 21, 2014 3:15 pm

Also, read the comments on the attachments :roll:
maghlub
 
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by Kent Briggs » Mon Apr 21, 2014 3:29 pm

"Remote" events are not the API, they show when someone uses the Remote Admin interface. You should change the "Administration password" immediately or disable "Allow remote administration". You can also change the default "admin" path and implement an IP whitelist.
Kent Briggs
Site Admin
 
Posts: 3806
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by datis » Sun May 04, 2014 1:02 pm

Dear Kent,
One of my users can cheat on my server.
For example, when he wants to buy credit, he buys 20000 credit but double this is added to his account via the API? What can I do?
Please help me.

TNX
datis
 
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by Kent Briggs » Sun May 04, 2014 1:16 pm

datis wrote: What can I do?


Change all your passwords.
Kent Briggs
Site Admin
 
Posts: 3806
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by datis » Sun May 04, 2014 1:21 pm

When he is in her account he can do this.
datis
 
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by Kent Briggs » Sun May 04, 2014 1:44 pm

datis wrote: When he is in her account he can do this.


Show me the evidence. What does the event log show?
Kent Briggs
Site Admin
 
Posts: 3806
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all version poker mavens 4.18, 4.17, ...

Post by datis » Sun May 04, 2014 2:00 pm

In her account (on my web site) he clicks on buy credit and pays 20000; the callback event adds double 20000 to her account with the same everything, date, hour and ..., but for the others it works correctly. Only this ID can cheat on my web site. He is a client but he can cheat when buying credit.
datis
 
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm
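
One defensive check for the symptom in the post above (a single purchase credited twice with identical date and hour), as an added example that is not code from this thread or from Poker Mavens: the site's payment callback handler records each gateway transaction id and credits a balance only the first time that id is seen. The table layout, the function names and the `credit_balance` callable (standing in for whatever call the site makes to the poker server) are assumptions, and the sample callbacks are constructed.

```python
import sqlite3

def open_ledger(path=":memory:"):
    """Ledger of gateway callbacks already credited; txn_id is the dedupe key."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS credited (
                      txn_id TEXT PRIMARY KEY,
                      player TEXT NOT NULL,
                      amount INTEGER NOT NULL)""")
    return db

def handle_callback(db, txn_id, player, amount, credit_balance):
    """Credit a purchase once per gateway transaction id.

    Returns "credited", "duplicate" or "rejected". credit_balance is a
    hypothetical callable for the site's call to the poker server; it runs
    only after the ledger row for txn_id has been claimed.
    """
    if not txn_id or amount <= 0:
        return "rejected"
    try:
        with db:  # one transaction: claim the id, then credit
            db.execute("INSERT INTO credited VALUES (?, ?, ?)",
                       (txn_id, player, amount))
            # If this raises, the claim is rolled back so a retry can succeed.
            credit_balance(player, amount)
    except sqlite3.IntegrityError:
        return "duplicate"  # txn_id already credited: replayed or repeated callback
    return "credited"

def demo():
    """Constructed callbacks: one transaction delivered twice, then a new one."""
    balances = {}
    def credit(player, amount):
        balances[player] = balances.get(player, 0) + amount
    db = open_ledger()
    events = [("TXN-1001", "player_a", 20000),
              ("TXN-1001", "player_a", 20000),   # same callback delivered again
              ("TXN-1002", "player_a", 5000)]
    results = [handle_callback(db, *e, credit) for e in events]
    return results, balances

if __name__ == "__main__":
    print(demo())
```

The ledger also gives the site its own record to compare against the server's event log when a balance looks wrong.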
