"Odyssey Market" using a public/paid pre-made script (Evolution clone script), not secure at all.. Publicly leaked as well.

I recently checked out odyssey market and I realized they are using a pre-made script (evolution clone script) that can be purchased through bitcointalk lol. "sellscript" on BCT used to sell this script now about 20-30+ people have it...

For fuck sake I even have this script lol, thinking about publicly leaking it but I'm not sure. It's full of bugs, admin panel is trash and doesnt even have a dispute / refund system LOL.

You can see the demo here: http://demo.scriptphp87.com/torservice/users/login

They just rethemed it and added XMR support. I would not trust this market at all. Be warned.

Edit: If your downvoting this your either a shill for "Odyssey Market" or a complete dumbass.


Comments


[37 Points] None:

[deleted]


[17 Points] mrfloridamolly99:

Sounds like another come and go market, with no dream of actually connecting customers and vendors in an effective way.

Instead its probably another cash grab for n00bs or little kids who haven't been burned yet.

Thanks for quickly pointing out how shitty the market is shortly after their "announcement" lol


[14 Points] LarryKingdom:

What does it matter if they have the script? IF they're not complete fucking idiots they would have changed the backend to their own specifications. Just because something is a clone/leaked/open source doesn't mean it's instantly a bad thing. Tochka is open source for fuck sake. So go ahead and leak it. It'll do the community good anyway.


[2 Points] SourcingAlp:

i am on the odyssey market already :| so should i get the fuck out of dodge or am i good to go and wait for it to pick up with buyers and vendors before i transfer ANY coin to my wallet? i am probably going to be a vendor for ECP :) It's time to spread the love and i am going to be in and out after a decent amount of $... i don't need to become the top #1 dope dealer in america blah blah .. i will fy under radar with VERY nice prices and TIPPITY TOP product ;) If all works well i will have a bond and listing up in the next week or so with of course 15 samples of .3 rocks(just gotta pay 8$ shipping) just for the reviews and building rep with the buyers etc. i won't be around long and i will be under a new alias but cheers to everyone and hope you all have a great year !!


[2 Points] Peter-Lustig0:

do you think this is not a trusted market or another flop like TR what do you think. The market script was copied and changed. have I understood that correctly.


[2 Points] stonedbuyer01:

and it's gone


[1 Points] chescos:

Is there a market where both backend and frontend are completely open source?

I think that would probably be something pretty good.


[1 Points] Peter-Lustig0:

odyssey forum reminds me a bit of the aeon forum


[1 Points] burden_of_boof:

Paging /u/DarkNetSoftwareEng


[1 Points] zyrs86:

Odyssey dead in the water


[1 Points] obtuseusedmoose:

Really don't understand why odyssey is getting so much hate, how are his comments on the matter in anyway unprofessional? OdysseyCamp has completley debunked OPs claims, and OP repeats the same claim every time they aredebunked, if OP is so adamant, why not leak, and why not actually perform the attack? FUD, this thread should be downvoted.


[1 Points] R00tKE:

u/OdysseyCamp so when I leave my coins in your market they will get lost in terms of "DONATION"


[1 Points] Brookklyn:

Lol arguing over a dead site


[0 Points] None:

I deleted all my comments in this thread, a lot were pointless. I stand firm Odyssey does not suffer from the issues the original evo code does. They're gone. The market works great.

Finally, I have an idea install your script to a test server, turn it into a .onion you could use a cheap vps or your home machine for this test.

I will then show you how to exploit it, you can then attempt the same exploits on Odyssey, this will show you they don't work on Odyssey and then maybe this topic can be removed.


[0 Points] None:

Actually you can test it here

http://demo.scriptphp87.com/torservice/users/create

For my example I created adam3434. then using this keyboard

https://www.branah.com/greek

I created αdam3434, people could use this to spoof a login. Now go to Odyssey and try to create αdam3434 using the Greek keyboard.

Odyssey will block the attempt, proof Odyssey does not have this issue. Someone could create αdmin with the Greek keyboard on the evo website and attempt to message users.

Create a new account on Odyssey and send a private message to Support add some html to the message or attempt to add a script.

Admin panel, a user could attempt a brute force attack here.

http://demo.scriptphp87.com/torservice/adminpanel/login

Yes you could change the route, but if a user found it they can still attempt to login, this doesn't exist on Odyssey.