
Securify, November 2016

Spot The Bug challenge December 2016. Win the BitCoin!

Intro

At Securify we are hunting down bugs in our clients' code. It is a demanding task, but we enjoy every bit of it! Every year we release a Spot The Bug challenge. Do you think that you can spot the security bug(s) in this code?


The briefing

Seconds before his Tor Server got seized, the admin managed to wipe his bitcoin keys and a bunch of other evidence. Although he got his business up and running again on a new hidden server, the admin freaked out about the bust. He asked his friends to code-review his admin script to identify any possible security defects! The admin is willing to reward the person who reports the most bugs with a bitcoin! Did his own script get him owned?

So your task for this challenge is to find any bugs (big & small) so this admin can better secure his new server.

Rules

Mail your submission or any questions to stb@securify.nl. The deadline for submitting reports is January 1st, 2017. The winner of the challenge/BitCoin and our detailed write-up will be announced via Twitter @securifybv once all submissions are reviewed.

The Code

You can find the code on Github.
