Quote:
Originally posted by candyflip
What you guys don't get is that Icefire wrote his program for himself.
Anyone who has ever thrown two lines of code together and bothers to look can see that this script is a blatant rip-off of TTT.
Does the fact that both scripts have the same vulnerability say anything about their origin?
Probability that Icefire wrote this script for himself: zero.
Probability that Icefire is a lying, thieving extortionist: 100%.
The only bigger idiot than Icefire is anyone who uses "his" script and sends him 1% of their traffic.
Any trading script author who wants to know what this vulnerability is and how to fix it, PM me and I will tell you for free.
This is an old and obvious vulnerability.
If you have TTT and are worried, set your script to only accept trades in the findtrades database. That will mostly protect you. You can achieve total protection without a new version of TTT, but I can't say how without giving away the vulnerability, which I am reluctant to do here.
There is a simple technique that every web developer should be aware of and use to automatically counter this type of problem, but I am reluctant to mention it in this context. No professionally written script should ever have this problem.