New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
+1 on this, I would rather patch the same file numerous times as long as the initial exploit is fixed asap. The current situation of everyones installation being known it is imperative that an initial fix is released asap.
@Kujoe ok, you can't review your code (although you could go through it putting some more thought in it). Then hire someone to review it. Or remove the encoding from the file, so "The People" can review it. After all it is not so big file. And i doubt someone having the source for this single file will be able to steal the entire whmcs...
There is reported to be bugs when you use special, non-english characters but other than that I don't see any problems with it on my installation (not using the new default theme though).
Grab the patch again,
Okay, I am unable to download the "new" patch for this. Anywhere I can find it? Hell I'll even take an email of it.
First, they release the patch through solus, WHT, pastebin and I don't know what else. And when they realize the patch is not working correctly, instead of releasing a new patch they edit the existing one (without even notifying anyone about it)? Sorry, but that's not the right way to do things ...
Check my last post, the link I posted has a paste bin of the latest version of it, replace with dbconnect in root tree.
I know it's posted all over the place now but I've uploaded the zip of the patch if any of the other locations aren't working for you: http://199.167.29.3/may29patch.zip
I'm a bit confused, someone can print an md5 of the latest working patch?
What is the error experienced with the first patch?
For those confused which dbconnect.php is which, here are the md5sums:
d68702291bfd5a6016b8fd18ba5022e8 dbconnect.php
7bb256bcd8bac14d3382342fc21259be dbconnect.php.may292012fuck1
a0354d671de8c1d10728122a8eb6bf18 dbconnect.php.oct162011fuck
d68702291bfd5a6016b8fd18ba5022e8 is for the second (latest?) version of today's patch.
@KuJoe Is that the patch of the patch or "just" the patch?
@KuJoe is that the updated version?
Does anybody think that WHMCS just paid one of the hackers so they don't get embarrassed more?
@lele0108 what do you mean? pay them for what?
@Amitz @Fliphost That's the patch I'm running on SD, I tested it and it's working properly for me (no errors, orders go through fine, tickets open, etc...).
it's for Version 4.0 and later only?!!
Why would you still be on 3.6
I use Version 5.0.3. i just ask that all
Wait... did a mod delete my post linking to the patch code? So we can post the full WHMCS database, but we can't let people see what needed to be patched? Sigh. I'm not even going to try anymore. You guys are going to get raped if you keep using WHMCS. That is all. I could show you why, but apparently that's not allowed anymore.
You do realize that decoding their files is against the EULA and probably illegal, posting them publicly is even worse. Give people a few days to patch up before you continue (if my assumption of what you're trying to do is correct, doing it now will cause more harm. WHMCS is aware of everything that they need to be of, at this moment)
Because you releasing it puts installs that have not been updated at risk! You don't need to put any more pressure on WHMCS.
WHMCS, sinking faster than Facebook's IPO
Yeah. Because me releasing it is going to put it in the wild. It's totally not there already. I never understood censoring things like that... the people who will use the code, already have it. Those who need to protect themselves from it, are denied. shrug
I'm sure it was more of a liability for LET than anything else. I'm sure the last thing they want is a DMCA notice directed to a datacenter that was willing to take them during the DDOS fiasco a while back.