Well, I did say exactly the same thing:
Anyway, all this happened this time because our socket script didn't sanitize some data (background variables, exploited from console) which was sent along with chat messages or other online/offline commands.
The chat/sockets script only sanitized the user-submitted data, not the data coming from JS. This was the actual exploit.

Necessary actions were taken and this is now fixed. If you have anything further to report, you can do so like others have done before: contact our support and expect a bounty reward.
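
The gap described in the post above, shown from the server side as an added example (not part of the original post and not the site's code): every field of a socket frame is validated, including the ones the page's own JS fills in, and identity is taken from the server session. The frame layout, field names, commands and limits are assumptions made for illustration.

```javascript
// Added example: frame layout, field names and limits are hypothetical.
const COMMANDS = new Set(["chat", "online", "offline"]);
const ROOM_RE = /^[a-z0-9_-]{1,32}$/;
const MAX_TEXT = 500;

// Escape text before it is echoed into other clients' HTML.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Validate one raw socket frame. `session` is server-side state created at
// login; nothing in the frame is trusted just because the site's JS set it.
function validateFrame(raw, session) {
  let msg;
  try { msg = JSON.parse(raw); } catch { return { ok: false, error: "bad json" }; }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg))
    return { ok: false, error: "bad frame" };
  // "Background" fields get the same checks as the typed message.
  if (typeof msg.cmd !== "string" || !COMMANDS.has(msg.cmd))
    return { ok: false, error: "bad cmd" };
  if (typeof msg.room !== "string" || !ROOM_RE.test(msg.room))
    return { ok: false, error: "bad room" };

  // Rebuild the message from validated fields only; unknown fields are
  // dropped and the sender id comes from the session, never from the frame.
  const out = { cmd: msg.cmd, room: msg.room, userId: session.userId };
  if (msg.cmd === "chat") {
    if (typeof msg.text !== "string" || msg.text.length === 0 || msg.text.length > MAX_TEXT)
      return { ok: false, error: "bad text" };
    out.text = escapeHtml(msg.text);
  }
  return { ok: true, msg: out };
}

// Constructed sample frames: one normal, three altered from the console.
const session = { userId: 42 };
const frames = [
  '{"cmd":"chat","room":"lobby","text":"hi <b>all</b>"}',
  '{"cmd":"chat","room":"lobby<i>","text":"hi"}',
  '{"cmd":"online","room":"lobby","userId":1,"extra":"x"}',
  '{"cmd":"kick","room":"lobby"}',
];
for (const f of frames) console.log(JSON.stringify(validateFrame(f, session)));
```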