Re: DaDice.com - Next Generation Social Gambling Dice Experience
Well I did say exactly the same thing:
Chat/Sockets script did only sanitize the user-submitted data, not the data coming from JS. This was the actual exploit
Necessary actions were taken and this is now fixed. If you have anything further to report, you can do so like others have done before, contact our support and expect a bounty reward.
Anyway, all this happened this time because our socket script didn't sanitize some data (background variables, exploited from console) which was sent along with chat messages or other online/offline commands.
Chat/Sockets script did only sanitize the user-submitted data, not the data coming from JS. This was the actual exploit
Necessary actions were taken and this is now fixed. If you have anything further to report, you can do so like others have done before, contact our support and expect a bounty reward. Well said from the dev there. The bounty offered for bug reporting is more than just a bit of money. It's an act of good faith that shows we appreciate good feedback from our players or those who discover something. Our dev has also admitted the problem and fixed the issue in good time as well so that should be the end of that I believe. Rather behave in what I feel is a civilised and intelligent manner (as I just mentioned) then spend time and unnecessary energy on roundabout attacking routes. This way we can actually build a proper community rather than what appears to be the case now