# Clientexec - It's bad



## netnub (May 25, 2013)

After looking around, I discovered why not to use clientexec. It's because of its huge XSS and a few SQLi injections that are possible.

XSS: https://www.clientexec.com/members//order.php?step=subsearch&tld=false&name=1')%7B%7D%7Dalert('xss%20-%20you%20really%20need%20to%20fix%20this%20clientexec');function+x()%7Bif('

I won't post the SQLi's here, but I discovered this at localhost.re

Thoughts?


----------



## RootNerds (May 25, 2013)

I've used clientexec some years ago. I didn't like it at all. And security updates all the time. 

Thanks for bringing this issue to attention. (And everyone who uses ClientExec should consider changing to WHMCS/Blesta/...)


----------



## rsk (May 25, 2013)

It would be a good piece of software if only they put some more thought into their security.


----------



## InertiaNetworks-John (May 26, 2013)

I've never seen a reason to use CE. It just seems like another boring billing system to me.


----------



## concerto49 (May 26, 2013)

It's not just the security issues, but usability and other factors.


----------



## JDiggity (May 26, 2013)

We like CE but they had a higher price and not as many options as WHMCS.  We switched for more options.


----------



## Kyle (May 26, 2013)

I don't like it. It's okay for a "budget" product, but they charge as much as WHMCS. If it was $8-9/month I would say it's worth it, but not for what they're charging. I agree with almost everyone else, WHMCS is a better option.


----------



## RootNerds (May 27, 2013)

Request to someone who is using it: Why are you using it? Are there any killer-features we're missing? And, finally, did you use WHMCS?

Always wondered why there are people who use CE, there must be a reason!


----------



## Reece-DM (May 27, 2013)

Wow, CE - I'm shocked that's still around. ModernBill disappeared eventually.

Always was a no-no for me; it's not user-friendly, neither is it admin-friendly. I'm surprised that over the years (*AND IT'S BEEN SOME YEARS!*) they haven't sorted their act out and whooped WHMCS' ass, or let alone reconsidered making CE a better solution.

Bringing back some memories now :')


----------



## DamienSB (May 31, 2013)

I am a little shocked that nobody has attempted to make a better software than any of the others, and actually do it better. There does need to be more choice between billing software for this. Right now WHMCS and the very few others can do whatever they want because there is nobody else anyone can switch to.


----------



## Francisco (May 31, 2013)

I used CE in a previous life and man was it bad.

They had this option where you could click it and it would charge credit cards for their month's dues if for whatever reason you aren't using a cron.

Well, the owner of that company used to click on it every few days seeing if there were any missed charges (fair enough). The problem is CE completely *botched* the code and every time he clicked on it, it was charging people.

We had a client that literally signed up that month come in a few weeks later screaming at us because he suddenly had $600 in charges to his card for a $50/m colo.

Francisco


----------

