amuck-landowner

New WHMCS exploit (10-18-2013)

MartinD

MartinD

Retired Staff
Verified Provider
Retired Staff
...what problems does it fix?

Instead of being cloak and dagger about it, post what you know and the evidence/proof to back it up. Otherwise you're just leaving everyone second guessing which does nothing to help people out.
 
trewq

trewq

Active Member
Verified Provider
MartinD said:
...what problems does it fix?


Instead of being cloak and dagger about it, post what you know and the evidence/proof to back it up. Otherwise you're just leaving everyone second guessing which does nothing to help people out.
Click to expand...
If he does that then it is public. I imagine it has been reported to whmcs.
 
concerto49

concerto49

New Member
Verified Provider
MartinD said:
...what problems does it fix?

Instead of being cloak and dagger about it, post what you know and the evidence/proof to back it up. Otherwise you're just leaving everyone second guessing which does nothing to help people out.
Click to expand...
So when someone posts an exploit they get bashed for not keeping quiet and notifying WHMCS instead. Now when someone doesn't post - also get bashed for not telling. Huh?
 
Increhost

Increhost

New Member
Verified Provider
Hope some time just WHMCS pay localhost to make a full code audit,

and give some secure coding teaching to their devs. :)
 
C

Cloudrck

Member
Verified Provider
Increhost said:
Hope some time just WHMCS pay localhost to make a full code audit,

and give some secure coding teaching to their devs. :)
Click to expand...
If they would bother to read the descriptions that go with the exploits he has posted they could apply fixes to code he hasn't exploited yet. Doesn't seem like they are doing this though.
 
A

apt

New Member
DalComp said:
What is still broken?

What does the "evil" lines do? Just changing to invalid license key or is there any other harm?
Click to expand...
The "evil" lines `eval` (haha), allowing for arbitrary code execution.
 
Last edited by a moderator:
MartinD

MartinD

Retired Staff
Verified Provider
Retired Staff
concerto49 said:
So when someone posts an exploit they get bashed for not keeping quiet and notifying WHMCS instead. Now when someone doesn't post - also get bashed for not telling. Huh?
Click to expand...
I asked what had been fixed, that's somewhat different. Why bother saying anything if you're not helping?


Completely different to publishing details and info on how to compromise someone's system.
 
J

jcarney1987

New Member
Yea I got a email from them last night and updated my WHMCS to 5.2.9 and it broke my mass mailing features.  I'm not sure if its the patch or not, but I've reupoaded several times and still can't get it fixed.  Anybody have that problem after updated to 5.2.9?
 
You must log in or register to reply here.
Top
amuck-landowner