Brewly - Worldwide Marketplace

A guy with a new account shows up, makes an assertion with no proof and everyone just takes his word? He doesn’t want to use his own account out of fear of being blacklisted? That in itself discredits him as far as I’m concerned.

I’m not suggesting everyone just go to the site and slam your address in there but this is not evidence of a breach. He’s gonna have to do better than that if he wants to be taken seriously.
 
A guy with a new account shows up, makes an assertion with no proof and everyone just takes his word? He doesn’t want to use his own account out of fear of being blacklisted? That in itself discredits him as far as I’m concerned.

I’m not suggesting everyone just go to the site and slam your address in there but this is not evidence of a breach. He’s gonna have to do better than that if he wants to be taken seriously.
I'm with you, but you are wasting your breath.
 
That's a lie and you know it. It's easy to proclaim that there is no vulnerability after you solve it. I will send some emails to your customers and see if some are MESO members. Obviously I took screenshots.

If you and DragonOrdnance have balls, transfer 20k to a trusted member of the community as an escrow and let's see if I'm not able to get the addresses of your customers. As you don't have many, let's bet and see if DragonOrdnance does the bet.

Let's see what you guys reply. Send 20k to the admin of Meso and I'm quite sure in a week I have a few thousand of your orders and trackings.

So yeah, trust these guys. They aren't even willing to pay 1/4 of their promises. Making six figures I'm more bothered about the disrespect than the money.

Question for ya...

This order information that you were able to hack into. Was that an active order that hadn’t been deleted yet or was I right in assuming that even though that info appears deleted it’s still floating around?
 
As if you ever made anything close to $200/hr. lol

Everything =). Azure DevOps certified. AWS Solutions Architect Professional. Cloud guru and a decent dev.
Do you swallow?
That's a lie and you know it. It's easy to proclaim that there is no vulnerability after you solve it. I will send some emails to your customers and see if some are MESO members. Obviously I took screenshots.

If you and DragonOrdnance have balls, transfer 20k to a trusted member of the community as an escrow and let's see if I'm not able to get the addresses of your customers. As you don't have many, let's bet and see if DragonOrdnance does the bet.

Let's see what you guys reply. Send 20k to the admin of Meso and I'm quite sure in a week I have a few thousand of your orders and trackings.

So yeah, trust these guys. They aren't even willing to pay 1/4 of their promises. Making six figures I'm more bothered about the disrespect than the money.
Why don't you post here the proof of it? Just have a member here make a test address order through dragon ordnance's brewly storefront, and have him replicate the steps, or post the steps here.

I'm sorry man, I don't really see the whole point of this. If we're not able to replicate, I can't deliver on that. That's a PRETTY MAJOR vulnerability, and something we worked hard on to not have.

Like literally foolish mistake.
 
That's a lie and you know it. It's easy to proclaim that there is no vulnerability after you solve it. I will send some emails to your customers and see if some are MESO members. Obviously I took screenshots.

If you and DragonOrdnance have balls, transfer 20k to a trusted member of the community as an escrow and let's see if I'm not able to get the addresses of your customers. As you don't have many, let's bet and see if DragonOrdnance does the bet.

Let's see what you guys reply. Send 20k to the admin of Meso and I'm quite sure in a week I have a few thousand of your orders and trackings.

So yeah, trust these guys. They aren't even willing to pay 1/4 of their promises. Making six figures I'm more bothered about the disrespect than the money.


Do you only have a screenshot? Or did you happen to export it to a csv file? Validation of your exploit, in my experience, shouldn't take more than 48hrs. If they don't comply, then dump a scrubbed version of the csv to pastebin and then explain to us your attack vector. Otherwise, you're just some dude with a screenshot and that doesn't carry too much weight...

@Brewly if the price is right ;)

Question for ya...

This order information that you were able to hack into. Was that an active order that hadn’t been deleted yet or was I right in assuming that even though that info appears deleted it’s still floating around?
You people are so quick to believe he actually hacked it. He has posted no evidence. The only thing this jackass is saying is "i hacked you and i have screenshot". POST THE SCREENSHOT THEN! No actual pen tester relies on a screenshot to back their claims. They send compromised data to the owner and the owner should pay up in exchange for the attack vector. If the owner fails to pay, then the pentester should make public the attack vector. @DirectBullet do it bitch
 
I'm not the early adopter type, so I'll wait and see how it plays out.

I haven't been on this forum long, but it seems there are plenty of pissing contests between members and members shitting on vendors (Although there are some excellent posts/info sprinkled throughout, and there are some VERY helpful members on here, you just gotta be willing to read and search). More often than not it does in fact look like snakes are getting run off, but that usually seems to happen in the first couple of pages. After 430 posts in this thread the OP seems to be sticking to what he said and isn't changing his story or his tone, which generally isn't the case. And since he isn't cracking, forum members are pushing harder to get... something, I'm not really sure what. Maybe some people are just bored, maybe OP fucked someone's mom. I'm not really sure. But some have a hard-on for OP for no reason.
Obviously you haven't been here long. The crack house DO was hacked! We vet sources here. I see no testing on any of those vendors except for 1. DO is a nobody. Read through much more here before you try to attack us.
 
^^^ Lol, there’s always at least one member in the fan club!

So the site was down for over a day. A guy posts that he was able to get in and see customer orders, addresses, emails, etc. and you’re still in favor of this???

We’re all just a bunch of dumb meatheads. If someone was able to get in just to see, then imagine what someone motivated by greed or laws would be able to do.

This whole thing needs to be abandoned. It’s already been compromised in less than a week.
We got reported by someone to our registrar. Similar situation that's been happening to some sources here, sources on SST, and SST itself. This is not as big of a deal as it may seem. The site was never down, it was just unreachable via the domain.

We've been dealing with this as well as attempted DDOS attacks. Again, a similar situation to what's been going on with sources here, sources on SST, and SST itself. Fortunately, we have a DDOS mitigation service in place.

I can't definitively tell you these cases are related, though it is sus. We have our hands full dealing with these things.

We were unable to replicate the vulnerability issue reported by the gentleman in this thread. If anyone here can replicate it, let me know.
 
Obviously you haven't been here long. The crack house DO was hacked! We vet sources here. I see no testing on any of those vendors except for 1. DO is a nobody. Read through much more here before you try to attack us.
Wait a second... you mean to tell me the vendors are BERATED to no end, and you thought my response was an attack?

HAHAHAHAHA
 
You are aware that this isn’t really a legitimate venture? Like they have a team in R&D validating this?

Dude hacked in. Took screenshots and emailed. Wtf needs to be validated on the “Software Development Life Cycle”??

All this nerd talk and the thread will turn back to Lurping talk.
"You are aware that this isn’t really a legitimate venture?"
Can you clarify what you mean by this? We have a development team, yes. You can't just one-click setup a site like this in wordpress or something.

It takes a lot of time and money to develop a custom built site with a custom payment processor, live messaging, reviews, order updates, etc. I know it seems very simple on the surface, but it's not.

I get where you're coming from, but we can't have a productive conversation if every time I offer an explanation, it's just regarded as "nerd talk/gibberish" or now, "illegitimate".
 
"You are aware that this isn’t really a legitimate venture?"
Can you clarify what you mean by this? We have a development team, yes. You can't just one-click setup a site like this in wordpress or something.

It takes a lot of time and money to develop a custom built site with a custom payment processor, live messaging, reviews, order updates, etc. I know it seems very simple on the surface, but it's not.

I get where you're coming from, but we can't have a productive conversation if every time I offer an explanation, it's just regarded as "nerd talk/gibberish" or now, "illegitimate".

Easy... by “Legitimate” I’m talking legal business.

I’m not punching your baby. Just clarifying to your soon to be intern that validation procedures that he may employ thru the course of his job are not applicable to a peddler of illegal PEDs and PED accessories.
 
maybe the time difference finally kicked in and he got tired...
It do be getting rough.

I guess I just don't see the point of this service. Amazon is as successful as it is because they provide a platform for vendors who have the ability to source a vast variety of products that people who don't have connections in the wholesale market don't have access to. There's a huge cost-savings compared to buying most things in a brick-and-mortar or on a single-company e-commerce site.

With this service, there's no real cost savings and I have to deal with yet another level of involvement when I can just e-mail my guy directly. If I use Brewly, I have to trust two people to not fuck things up instead of one. I have to trust the security of your website, deal with adding funds to your website etc. when I can just open Protonmail and say "hey, I need this" and transfer some BTC between wallets.

I really don't get it.

Edit: I just looked out of curiosity and the prices for most things on Brewly are nuts. $65 USD for tren E? Oh yeah...
I think realistically, for most people, it's a convenience thing. One place for everything kind of deal. I understand if you don't get it/it's not your cup of tea.

Totally respect that man, and I appreciate you at least taking the time to check us out :)

I agree with the vetting being necessary.

When you say it like that, it makes a lot of sense. It just all seems very childish and counter productive in the way in which it is handled. The "throw a bunch of shit at the wall and see what sticks" method isn't very useful. It seems some people come on here just to get their aggression and frustration from daily life out.

No I don't trust him, but to be fair I don't trust anyone that sells AAS. I just have a supplier that I "least distrust".
Yeah we think a more formal review process is a more efficient, objective form of vetting. Customers can place reviews, it affects ranking/visibility. Simple, just like any other marketplace or even DNM. If the DNM can do it with hard drugs, why can't we do it with AAS?

Though of course we want to add more forum-like features for public discourse with vendors.
 
Easy... by “Legitimate” I’m talking legal business.

I’m not punching your baby. Just clarifying to your soon to be intern that validation procedures that he may employ thru the course of his job are not applicable to a peddler of illegal PEDs and PED accessories.
I see, my mistake then, I appreciate you clarifying.

Though, web development is web development. Someone reports an issue, we look into it, if we can replicate it, we fix it.
 
Question for ya...

This order information that you were able to hack into. Was that an active order that hadn’t been deleted yet or was I right in assuming that even though that info appears deleted it’s still floating around?
Make a dummy order right now (you don't have to pay it) then delete the info. I'll post you a screenshot of what I see from admin dashboard. Use fake info if you're scared.

Of course, you won't believe me though.

I don't understand why you think we'd save that information? How does it benefit the growth of Brewly or help our bottom-line?

The system works here. Brewly is not a source and should not even have a thread here.
Fair enough, thanks for considering Brewly.
 
Make a dummy order right now (you don't have to pay it) then delete the info. I'll post you a screenshot of what I see from admin dashboard. Use fake info if you're scared.

Of course, you won't believe me though.

I don't understand why you think we'd save that information? How does it benefit the growth of Brewly or help our bottom-line?


Fair enough, thanks for considering Brewly.

Can we see a screenshot of your BTC balance to see that you actually have the 10k to pay out on that proposed bounty?
 
Can we see a screenshot of your BTC balance to see that you actually have the 10k to pay out on that proposed bounty?
Screenshot is useless my friend.

Bitcoin is however a wonderful piece of tech that allows you to sign a message with an address - providing an irrefutable piece of evidence.

I just mentioned that because it's an interesting bit of cryptography if you feel like looking it up.
 
Eg.


Address: bc1q0perwtw72em6tvu3dy5nnpfcpwhseuqxndf8vw
Signature: IAfzk0beHPWm3G60ttLBkDIBw1JMPPtHNV+LKNNXzC09TvRRnC4u0lHJKkh2FazogRtNj3ag2WBDo+OwGgyIaKM=
Message: I love penis.

Proves that I am owner of the BTC wallet bc1q0perwtw72em6tvu3dy5nnpfcpwhseuqxndf8vw

Cheers
 
I don't understand why you think we'd save that information? How does it benefit the growth of Brewly or help our bottom-line?

It honestly hasn’t crossed my mind that you guys are saving personal info. It’s more of a tech concern. There are other platforms where I know deleted posts, pics, etc. are still stored.


Of course, you won't believe me though.

I’ve had a peek behind the curtain. Pretty hard to gain trust after that.
 