New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Or you can just post it like a normal person and report it so WHMCS can fix the issue...not wait for you to make a video
Or report it through the bounty program and get a few $k like any normal person.
Why would I report an exploit to a company that uses ioncube to 'protect their code' that makes it a living hell for consumers?
Stop feeding the troll, there is no exploit, that he has found anyway.
Some isn't a full re-write and it does if you do it with security in mind and every add-on they have. All they've done as most people have said here is a newer UI using the latest bootstrap finally, not the best design because they have a navy bar with grey hovers.
And they've added a few nicer order form designs. Blesta since you mentioned it, has 3 developers yes, who work hard every day coding bits for the new version and fixing any bugs if any arises. They work in the same office checking code for security issues as they go along… Bug forum: http://www.blesta.com/forums/index.php?/forum/22-bugs/ (Nothing has been removed from there).
HAHA you really believe that? really? They only did the bug crowd because:
They don't want security experts like localhost.re releasing exploits in the public as they can get cash for it.
They paid a security expert for an Unauthorized Remote Code Execution exploit 1K when they state up-to 5K, isn't an Unauthorized RCE classed as a very very bad exploit to you or just a little exploit not worth securing?
They really are interested in fixing them… What about telling their customers about the exploits, over a year and they still haven't told you what was fixed in a security patch.
Come on get real right?
You must love this:
Yeah, you didn't find any exploit... That literally has to be the most idiotic statement I've ever heard in my life.
Because that's what any normal person would do, instead of wasting everyone else's time and their own making "videos"
Ugh.. just because they use ioncube doesn't mean it cannot be decoded and the source be revealed.
That's my point, they spent all this time to protect their code to make it a living hell for the consumer to edit / find exploits, why should I be under any obligation to help them?
You were almost foaming at the mouth getting your Blesta pitch ready.
He has a Google Alert for "blesta site:lowendtalk.com" setup, I think.
Go for it then prove your point and I will forever STFU and stand down as a moderator and then make a youtube video saying how wrong I was about you and that you are actually an excellent asset to the community that should be listened to and donate $100 to the charity of your choice.
If you don't do this within 24 hours you need a timeout, I am tired of your derailments and literally adding nothing positive to the community, you instigate so much drama it is getting tiresome.
Alternatively you can simply apologize to everyone.
Raised to $200.
Lee, where on earth did I mention anything related to Blesta in my post, I was stating the obvious it doesn't take a few months to re-code whmcs you use it to know how many files are in it and modules / add ons they have which would need to be recoded. You do own a web host don't you? And you also can see from what I linked to ModulesGarden have to re-write their add ons to work on V6… But hey time will tell.
This is the funniest post yet on licensecart's blesta pitch everyone has heard over and over again lol.
Playing with yah, saves you doing it yourself
I smell the banhammer coming lol
@Dillybob I would recommend start apologizing to everyone now lol
Several at various %'s of ownership. The largest of which I forced onto HostBill against the others' will because I was not comfortable with that particular customer base being reliant on WHMCS.
It has bugs and needs work, I have never said any different. They are sitting on significant cash from cPanel which I hope is going into work we can't see at this moment or perhaps just have with the new version.
I would have preferred cPanel to have a more visible connection in the company to force better practices however not so.
You are right, we will see.
@Licensecart localhost.re published exploits for hostbill and clientexec too.
Blesta were not touched? Why? It's because only:
%0,0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
hosts use it! So there is no point to even touch this crap!
Does that make sense for you?
Blesta will never be popular due to family members who ignore bugs and you! Yes you, the person who tries to say that Blesta is better and blaming WHMCS every time to sell more licenses!
I can understand, you're just scared that soon WHMCS will be better and Blesta's sales will drop completely.
If you say that WHMCS has only a new template and code was not changed, then please kindly show some proof. Code may be easily backported to support old addons/modules making easier to use with new version.
People will choose what to use and posting that Blesta is better while at the same time blaming WHMCS will only hurt Blesta's crap!
I'd rather choose the alternative..how do you want the apology done?
That will do.
Cash.
If I do find one in the future though once I decode their newest ioncube algorithm I'll let you know via PM. It would be a lot easier to find the exploits if I could just get the source though.
I already posted a SQL vulnerability for Low End Talk like 2 weeks ago but it seems like no one cares as it's still working:
Just a matter of time before someone crafts up a query that will display information.
That's because people are fed up telling them about the issues with Vanilla.
Who Anthony or the people at Vanilla? lol Why don't they just fix it on their end. Should I post it on the vanilla forums?
The admins here, we can't even get simple addons on here or it breaks the current build or something like that.
Is LET using http://vanillaforums.com/plans or are they running Vanilla by source?
If LET is using the vanilla plans, that's most likely why, probably a ton of issues. Would probably be better to get the source off github and do a manual installation and have at with addons, etc, whatever. Not entirely sure though.
Source, CC moved it to a plan after the big hacking event that let everyone have access to the admin panel, but Vanilla could not handle it so they moved back to source.
It's not an exploit, it shows a little bit of the query that anyone could look up anyway with a copy of a default vanilla database, it is not inject-able and not a vulnerability.
I see. It just seems odd that db stuff would show that's all, but if you're 100% sure it's not inject-able it's most likely fine. Thanks for the confirmation, I will remove my video.
All I wanted was some confirmation to show that you guys saw the video and knew about it
Yeah good idea. Plus, those vanilla plans are ridiculously expensive (again, just my humble opinion)