big bug all verison poker mavens 4.18,4.17,...

Report bugs found in Poker Mavens
maghlub
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

big bug all verison poker mavens 4.18,4.17,...

Post by maghlub »

my php files has no buges but ,someone can inject money to the site.
i think rhe software api has a bug.i made a whitelist only for my ip but he still can make change in users.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by Kent Briggs »

maghlub wrote:my php files has no buges but ,someone can inject money to the site.
i think rhe software api has a bug.i made a whitelist only for my ip but he still can make change in users.
API calls will show up in the Event Logs. Do your event logs show activity from someone other than you?
maghlub
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

Re: big bug all verison poker mavens 4.18,4.17,...

Post by maghlub »

is it possible to send balance raising command using web socket?

he claimed that he can makes the hand shown during the game.

i don't know how but i was watching the accounts list and suddenly an account created with 4.000.000 balance in front of my eyes. :shock:

also owners of other servers told me they have seen this too.
Attachments
i think before he injects balance this error appears here
i think before he injects balance this error appears here
Snapshot_2014-04-22_002440.jpg (7.26 KiB) Viewed 11439 times
when he injects balance type "Account" inserts here but not the "Remote"
when he injects balance type "Account" inserts here but not the "Remote"
Snapshot_2014-04-22_002506.jpg (6.36 KiB) Viewed 11439 times
maghlub
Posts: 41
Joined: Tue Sep 10, 2013 3:09 am

Re: big bug all verison poker mavens 4.18,4.17,...

Post by maghlub »

also, read the comments of attachments :roll:
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by Kent Briggs »

"Remote" events are not the API, they show when someone uses the Remote Admin interface. You should change the "Administration password" immediately or disable "Allow remote administration". You can also change the default "admin" path and implement an IP whitelist.
datis
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by datis »

Dear kent
one of my user can cheat in my server
for example when he want to buy credit , he buy 20000 credit but double of this add to his account by via API? what can i do ?
please help me

TNX
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by Kent Briggs »

datis wrote:what can i do ?
Change all your passwords.
datis
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by datis »

when he is in her account can do this
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by Kent Briggs »

datis wrote:when he is in her account can do this
Show me the evidence. What does the event log show?
datis
Posts: 28
Joined: Thu Nov 07, 2013 4:06 pm

Re: big bug all verison poker mavens 4.18,4.17,...

Post by datis »

in her account ( in my web site) he click on the buy credit and pay 20000 call back event add to her accounte double 20000 with the same anything date hour and ... but for the others it work true only this id can cheat in my web site . he is a client but he can cheating in buy credit.
Post Reply