
WHMCS 6

Comments

  • @Dillybob said:
    I'll make a video about the exploit in WHMCS soon too. Chill.

    Or you can just post it like a normal person and report it so WHMCS can fix the issue...not wait for you to make a video

  • AnthonySmith Member, Patron Provider

    Dillybob said: I'll make a video about the exploit in WHMCS soon too. Chill.

    Or report it through the bounty program and get a few $k like any normal person.

    Thanked by 1 OnraHost
  • Dillybob Member
    edited July 2015

    OnraHost said: Or you can just post it like a normal person and report it so WHMCS can fix the issue...not wait for you to make a video

    Why would I report an exploit to a company that uses ioncube to 'protect their code' that makes it a living hell for consumers?

  • Lee Veteran

    Stop feeding the troll, there is no exploit, that he has found anyway.

    Thanked by 2 OnraHost Peroni
  • alexvolk said: Some code rewrite started since cPanel acquired WHMCS. It doesn't take years to rewrite if you've enough developers and not family members like in Blesta.

    Some isn't a full re-write and it does if you do it with security in mind and every add-on they have. All they've done as most people have said here is a newer UI using the latest bootstrap finally, not the best design because they have a navy bar with grey hovers.

    And they've added a few nicer order form designs. Blesta since you mentioned it, has 3 developers yes, who work hard every day coding bits for the new version and fixing any bugs if any arises. They work in the same office checking code for security issues as they go along… Bug forum: http://www.blesta.com/forums/index.php?/forum/22-bugs/ (Nothing has been removed from there).

    alexvolk said:
    Bugcrowd shows that WHMCS is interested in fixing and paying money for reported issues. Blesta's family members are not interested in fixing bugs and instead blaming people!

    HAHA you really believe that? really? They only did the bug crowd because:

    1. They don't want security experts like localhost.re releasing exploits in the public as they can get cash for it.

    2. They paid a security expert for an Unauthorized Remote Code Execution exploit 1K when they state up to 5K, isn't an Unauthorized RCE classed as a very very bad exploit to you or just a little exploit not worth securing?

    They really are interested in fixing them… What about telling their customers about the exploits, over a year and they still haven't told you what was fixed in a security patch.

    Come on get real right?

    You must love this:

  • @Dillybob said:
    Why would I report an exploit to a company that uses ioncube to 'protect their code' and make it a living hell for consumers?

    Yeah, you didn't find any exploit... That literally has to be the most idiotic statement I've ever heard in my life.

  • @Dillybob said:
    Why would I report an exploit to a company that uses ioncube to 'protect their code' that makes it a living hell for consumers?

    Because that's what any normal person would do, instead of wasting everyone else's time and their own making "videos"

    Thanked by 1 OnraHost
  • Dillybob Member
    edited July 2015

    OnraHost said: Yeah, you didn't find any exploit... That literally has to be the most idiotic statement I've ever heard in my life.

    Ugh.. just because they use ioncube doesn't mean it cannot be decoded and the source be revealed :).

    That's my point, they spent all this time to protect their code to make it a living hell for the consumer to edit / find exploits, why should I be under any obligation to help them?

  • Lee Veteran

    Licensecart said: Blesta since you mentioned it

    You were almost foaming at the mouth getting your Blesta pitch ready.

    Thanked by 2 k0nsl chickendippers
  • Lee said: You were almost foaming at the mouth getting your Blesta pitch ready.

    He has a Google Alert for "blesta site:lowendtalk.com" setup, I think.

  • AnthonySmith Member, Patron Provider
    edited July 2015

    Dillybob said: Ugh.. just because they use ioncube doesn't mean it cannot be decoded and the source be revealed :).

    Go for it then prove your point and I will forever STFU and stand down as a moderator and then make a YouTube video saying how wrong I was about you and that you are actually an excellent asset to the community that should be listened to and donate $100 to the charity of your choice.

    If you don't do this within 24 hours you need a timeout, I am tired of your derailments and literally adding nothing positive to the community, you instigate so much drama it is getting tiresome.

    Alternatively you can simply apologize to everyone.

  • Lee Veteran

    AnthonySmith said: $100 to the charity of your choice.

    Raised to $200.

  • @Lee said:
    You were almost foaming at the mouth getting your Blesta pitch ready.

    Lee, where on earth did I mention anything related to Blesta in my post, I was stating the obvious it doesn't take a few months to re-code whmcs you use it to know how many files are in it and modules / add ons they have which would need to be recoded. You do own a web host don't you? And you also can see from what I linked to ModulesGarden have to re-write their add ons to work on V6… But hey time will tell.

  • @Lee said:
    You were almost foaming at the mouth getting your Blesta pitch ready.

    This is the funniest post yet on Licensecart's Blesta pitch everyone has heard over and over again lol.

  • Lee Veteran

    Licensecart said: Lee, where on earth did I mention anything related to Blesta in my post

    Playing with yah, saves you doing it yourself :)

  • AnthonySmith said: If you don't do this within 24 hours you need a timeout, I am tired of your derailments and literally adding nothing positive to the community, you instigate so much drama it is getting tiresome.

    I smell the banhammer coming lol

    @Dillybob I would recommend start apologizing to everyone now lol

  • Lee Veteran

    Licensecart said: You do own a web host don't you?

    Several at various %'s of ownership. The largest of which I forced onto HostBill against the others' will because I was not comfortable with that particular customer base being reliant on WHMCS.

    It has bugs and needs work, I have never said any different. They are sitting on significant cash from cPanel which I hope is going into work we can't see at this moment or perhaps just have with the new version.

    I would have preferred cPanel to have a more visible connection in the company to force better practices however not so.

    You are right, we will see.

  • @Licensecart localhost.re published exploits for HostBill and Clientexec too.

    Blesta were not touched? Why? It's because only:
    %0,0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

    hosts use it! So there is no point to even touch this crap!

    Does that make sense for you?

    Blesta will never be popular due to family members who ignore bugs and you! Yes you, the person who tries to say that Blesta is better and blaming WHMCS every time to sell more licenses!

    I can understand, you're just scared that soon WHMCS will be better and Blesta's sales will drop completely.

    If you say that WHMCS has only a new template and code was not changed, then please kindly show some proof. Code may be easily backported to support old addons/modules making it easier to use with the new version.

    People will choose what to use and posting that Blesta is better while at the same time blaming WHMCS will only hurt Blesta's crap!

  • I'd rather choose the alternative..how do you want the apology done?

  • AnthonySmith Member, Patron Provider

    Dillybob said: I'd rather choose the alternative..how do you want the apology done?

    That will do.

  • Nekki Veteran

    @Dillybob said:
    I'd rather choose the alternative..how do you want the apology done?

    Cash.

  • @AnthonySmith said:
    That will do.

    If I do find one in the future though once I decode their newest ioncube algorithm I'll let you know via PM. It would be a lot easier to find the exploits if I could just get the source though.

  • I already posted a SQL vulnerability for Low End Talk like 2 weeks but it seems like no one cares as it's still working:

    Just a matter of time before someone crafts up a query that will display information.

  • Lee Veteran

    Dillybob said: I already posted a SQL vulnerability for Low End Talk like 2 weeks but it seems like no one cares

    That's because people are fed up telling them about the issues with Vanilla.

  • Dillybob Member
    edited July 2015

    @Lee said:
    That's because people are fed up telling them about the issues with Vanilla.

    Who Anthony or the people at Vanilla? lol Why don't they just fix it on their end. Should I post it on the vanilla forums?

  • Lee Veteran

    The admins here, we can't even get simple addons on here or it breaks the current build or something like that.

  • @Lee said:
    The admins here, we can't even get simple addons on here or it breaks the current build or something like that.

    Is LET using http://vanillaforums.com/plans or are they running Vanilla by source?

    If LET is using the Vanilla plans, that's most likely why, probably a ton of issues. Would probably be better to get the source off GitHub and do a manual installation and have at it with addons, etc, whatever. Not entirely sure though.

  • Lee Veteran
    edited July 2015

    Source, CC moved it to a plan after the big hacking event that let everyone have access to the admin panel, but Vanilla could not handle it so they moved back to source.

  • AnthonySmith Member, Patron Provider

    It's not an exploit, it shows a little bit of the query that anyone could lookup anyway with a copy of a default vanilla database, it is not inject-able and not a vulnerability.

  • Dillybob Member
    edited July 2015

    @AnthonySmith said:
    It's not an exploit, it shows a little bit of the query that anyone could lookup anyway with a copy of a default vanilla database, it is not inject-able and not a vulnerability.

    I see. It just seems odd that db stuff would show that's all, but if you're 100% sure it's not inject-able it's most likely fine. Thanks for the confirmation, I will remove my video.

    All I wanted was some confirmation to show that you guys saw the video and knew about it :)

    Lee said: Source, CC moved it to a plan after the big hacking event let everyone have access to the admin panel, but Vanilla could not handle it so they moved back to source.

    Yeah good idea. Plus, those vanilla plans are ridiculously expensive (again, just my humble opinion)
