WHMCS - finally a positive move
- Thread starter MartinD
- Start date
![matt[scrdspd]](/data/avatars/m/0/318.jpg?1493429414){kind=avatar}
That was my first initial thought as well. However, It makes on wonder why have they not chosen and hired a company/team to do this already. One would have thought this would have happened months (if not weeks) ago by now.
Amitz
New Member
drmike
100% Tier-1 Gogent
Only way to approach this as the person with the exploits is with a real contract up front that clearly says this isn't a setup and they won't attempt prosecution or civil action.
Going naively to help them --- in pursuit of money --- usually ends up with legal action.
They need to farm the project out to a real firm and get to improving the codebase.
Going naively to help them --- in pursuit of money --- usually ends up with legal action.
They need to farm the project out to a real firm and get to improving the codebase.
RiotSecurity
New Member
I guess it wouldn't help the fact that their database has been leaked over the internet (as of yesterday) and that the admin login hashes were cracked.
Wait, there was a new DB leak?
drmike
100% Tier-1 Gogent
Ahh who was hacked exactly?
RiotSecurity
New Member
WHMCS.
Ahh, I assume its because WHMCS, uses WHMCS. They are very high priority for these types of things. IIRC they use cloudflare now, I assume for the WAF features.
However, I am glad to see they are acknowledging their issue. Though, it is unfortunate it has taken them this long to realize that there is a problem. Many, many companies were hurt by automated whmcs exploit scripts, something in the several thousands of whmcs installations have hidden accounts.
RiotSecurity
New Member
Alright, so I have to touch on a few things here, which they claim a "positive move" towards security.
As per this image here:
"Meeting face to face"
More like lawsuit face to face.
"Matt (CEO)"
Let's just stop right there, I've sent in countless bug reports, hell even talked to Matt via skype, he really doesn't give a damn about security.
So let's look at what that email really says:
"Is there any way I could lie to you to get your address?
I really want to sent you a lawsuit.
Matt (CEO) and I are eally pissed off right now.
We will be your worse nightmare if you're this stupid
--
Aaron
"
I couldn't honestly stop laughing for a while. In all seriousness, if they do get a security audit done, then I will applaud them.
As per this image here:
"Meeting face to face"
More like lawsuit face to face.
"Matt (CEO)"
Let's just stop right there, I've sent in countless bug reports, hell even talked to Matt via skype, he really doesn't give a damn about security.
So let's look at what that email really says:
"Is there any way I could lie to you to get your address?
I really want to sent you a lawsuit.
Matt (CEO) and I are eally pissed off right now.
We will be your worse nightmare if you're this stupid
--
Aaron
"
I couldn't honestly stop laughing for a while. In all seriousness, if they do get a security audit done, then I will applaud them.
Last edited by a moderator:
wlanboy
Content Contributer
I was wondering why noone was using the exploits against WHMCS.
Maybe they are now seeing that they have to do something.
Exactly, and so therefore, very suspicious. It would be less suspicious if Aaron didn't word that email the way he did - 'can fly anywhere in the world' and 'we are friendly and good people'. Lol. I mean, c'mon, who writes a proposal email that way?