Leaderboard

Hi guys, I just spot a critical and dangerous vulnerability in a third-party component of WHMCS. I would like to share info but the thing is that as soon as I reveal details, all lamers will start exploiting it. I'm pretty sure that no one other than me and my clients know anything about it. Let me give you a bit of context: I underline that this is NOT caused by WHMCS but by a widely used third-party component When I say "critical" I mean that you can lose real money and cause enormous legal troubles The issue has been already reported by me a month ago to the developer in question but no fix so far Only few minutes ago I discovered how it can be exploited to cause harm I have already shared updated details with the developer in question. They are checking it The fix is pretty easy. It takes few seconds. I just finished securing a dozen of my clients I think I'll stay quiet for now so that the developer can do his job but the fix will require providers to perform an update. We all know most people ignore software updates unless there is a security issue. So what if the developer refuses to admit the issue? Should I post something here our tell the story to people like @WHMCS John @WHMCS ChrisD so that I can go back to my business? p.s. As soon as the update is available, I'll post here without mentioning the name of the module... this way you simply need to update all modules you have 🤣 Edit: I sent a DM to John to make sure WHMCS is not affected. I'm 99% sure that it is all right but I can't see encrypted files (have no time to decrypt it) so let's wait 🤞

Hi all, I am wondering if this is possible to do. Can I add a promocode to a data feed so that when I display the product on an external page it displays the "sale" price and not the before sale price? For example something like this: <script language="javascript" src="/feeds/productsinfo.php?pid=1&get=price&billingcycle=annually&promocode=PROMO"> Has this been done before? Would it be a case of changing the config in feeds/productsinfo.php somewhere? Would be handy if it could be, or even if a future release can have a "Sale" price in the product pricing. Thanks Aaron

@SIDEGURU can you please paste in the .htaccess file here, I am having the same issue. Thanks

It's working just fine for me on my own site. Sorry I can't be more helpful.

a WHMCS client area page can usually be considered as a header (header.tpl), the main body (specific .tpl for that page's purpose) and a footer (footer.tpl) - so logos, menu etc would be in header.tpl, but it will call various sub-templates, e.g includes/navbar for the top menu (i'm thinking of the Six template layout) - but navbar.tpl is just used to output the navbar array - the array(menu) is normally modified using hooks not by manipulation of the template.... though if you're replacing the navbar with your own menu system, then that might not really matter.

For announcements you can use the hook I posted before. For other pages (index, about, clientarea, register, pwreset, supporttickets...) it's easier. Begin by creating meta descriptions in your language file like follows (use language overrides!): $_LANG['metadescription']['index'] = "We are the best hosting company"; $_LANG['metadescription']['clientarea'] = "Manage renewals, download invoices, submit tickets..."; $_LANG['metadescription']['register'] = "Register an account with us"; Use file names (index.php, clientarea.php, register.php...) as keys. Now open your templates/{YOUR_TEMPLATE}/includes/header.tpl and add the meta tag in your <head> tag. {if $LANG.metadescription[$filename]} <meta name="description" content="{$LANG.metadescription[$filename]}" /> {/if} Meta description automatically shows up if there's an available description for current page.

The ccTLD registry URL for domain availability is: https://pk6.pknic.net.pk/pk5/lookup.PK?name= and available string token is "Domain not found". So whois.json should be as below: [ { "extensions": ".pk,.com.pk,.net.pk,.org.pk", "uri": "https://pk6.pknic.net.pk/pk5/lookup.PK?name=", "available": "Domain not found" } ] Alternatively, if WHOIS server on standard port 43 is desired, Paknic WHOIS server is here: whois.paknic.com Hope this help!

ea- is cPanel PHP, alt- is CloudLinux. Try looking for a .htaccess or php.ini file in the home directory of the account. Rename it to something else and try again.