Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Micro Earnings
Re: FaucetHub Bitcoin Faucet Script - Open your own faucet
by
Salmen
on 19/12/2016, 18:35:36 UTC
Quote from: Kazuldur on December 19, 2016, 06:25:08 PM
I don't recommend this script:

1. there's a critical vulnerability that can be used to bypass timer (reported in PM)
2. the way it's written is just asking for a SQL Injection vulnerability. Instead of using prepared statements or an ORM, variables are escaped in random places. I've already found an instance of variable that's escaped twice, it's not hard to imagine there is (or will be introduced in an update) a variable that's not escaped at all.
3. superglobal variables are overwritten
4. getipintel have a limit of 500 queries and will be too expensive to be used by faucets, so this bot shield is useless

Thank you for the feedback.
  • To the point one, I replied a message and an alternative script will be addded into it.
  • To the point two, I'll find all possible leaks and fix it.
  • o the point three, I'll look if I did anything wrong or the template script itself.
  • To the point four, it is true that it has a limit and it was mentioned earlier. I couldn't find another API that suits it.