
WHMCS is written by monkeys

Discussion in 'BlackHat Lounge' started by mazgalici, Oct 19, 2013.

  1. mazgalici

    mazgalici Supreme Member

    Last edited: Oct 19, 2013
  2. assassinmarketing

    assassinmarketing Regular Member

    I agree, way too easy to penetrate.
     
  3. SPPChristian

    SPPChristian Jr. VIP Jr. VIP Premium Member

    WHMCS is a very complex PHP-written software, and of course there are a lot of SQL injection vulnerabilities; also, this is the main reason why the code is encrypted with IonCubeLoader.
     
    Last edited: Dec 9, 2013
  4. mikie46

    mikie46 Jr. VIP Jr. VIP

    Hello, what are you talking about?

    What does encrypting the code with ICL have to do with shitty coding practices?
     
  5. SPPChristian

    SPPChristian Jr. VIP Jr. VIP Premium Member

    The code is hidden from public eyes, and in my personal opinion (hiding vulnerabilities) is one of the reasons why the code is encrypted.

    This is an example of a WHMCS SQL injection vulnerability:
    http://www.exploit-db.com/exploits/29065/
     
  6. mikie46

    mikie46 Jr. VIP Jr. VIP

    That is not why it's encrypted. It's encrypted because it's a "buy it you own it license". I should know, I've owned it for more than 4 yrs and I purchased it.

    That exploit is OLD. The latest version is newer than 5.2.8.
     
  7. SPPChristian

    SPPChristian Jr. VIP Jr. VIP Premium Member

    The full source code is encrypted, not only parts of it. I told you that this is MY personal opinion :) !
    We have also been using WHMCS since their 3rd or 4th release, I can't remember how many years ago, and I find the software very complex and handy.
    If you make the security updates the moment they are released, you will have no problems using it.
    I know that the exploit is old, I just gave you an example :) 'cause I thought you didn't know what an SQL injection is.
     
    Last edited: Dec 9, 2013
  8. AquaticGamer

    AquaticGamer Jr. VIP Jr. VIP

  9. myownhero

    myownhero Power Member Premium Member

    Because of all the papal monkeys they save. It all comes down to makin' da monkeys.
     