Jump to content

kingsleymensah

Member
  • Content Count

    62
  • Joined

  • Last visited

Community Reputation

5 Neutral

1 Follower

About kingsleymensah

  • Rank
    Member

Recent Profile Visitors

877 profile views
  1. Hey, i found the fix.... turned out there was nothing wrong with my WHMCS but one of my clients was taking backups and storing in file manager so basically i hit the limit of my storage. i found it and removed them ASAP.
  2. Hello, i have been using WHMCS for the past 3 yrs and just now a client placed an order and package creation failed so i went in there only find out that WHMCS cannot find find cpanel packages anymore. What could be the problem? https://prnt.sc/12x70p3
  3. Hello, i created a product group where i have assigned my new reseller packages i created to ( https://prnt.sc/utf4io ) I don't know why but they are not visible to existing clients ( https://prnt.sc/utf8he ) but only visible to new signups.( https://prnt.sc/utfa3s) where did i go wrong??
  4. Ok, so i solved this by switching the server group option to "Add to the least full server" https://prnt.sc/uszi4y Now a new issue has come up... I was able to fetch and assign the packages in WHMCS alright but now the product group does not display the reseller products to existing clients with existing products already https://prnt.sc/uszm2k P.S these are reseller packages i created
  5. Hello, I added a new server to my WHMS and test connection was successful !. I got to module section of setting up product but it cannot find any of the packages i created https://prnt.sc/uswnif The error message says "No server found" I actually added the server to a group too
  6. Hi guys, i received an email from someone claiming to be a pentester and he says he found a vulnerability in my WHMCS Here is what he sent: "I am a security researcher and I found this vulnerability in your website https://kingscel.com/ Bug type : UI Redress Impact : Phishing (account compromise) Description : Click jacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. POC: <html> <head>UI REDRESSING</head> <body> <h1>WEBSITE IS VULNERABLE TO UI REDRESSING</h1> <iframe width=100% height=80% src="https://mydomain/whmcs/clientarea.php"></iframe> </body> <html> Impact: Any User can be lured in to click on whats look like a functionality of the website but is actually an attackers frame button containing some malicious javascript code or redirection code leading the user to a vulnerable site . And as the vulnerability persists even after the user is logged in which makes it even more sever. Suggested Fix: Add an iframe destroyer in the page headers. Please let me know if any more info needed ! Waiting for your reply and hopefully a bug bounty for responsibly reporting the issue ... Note: i am attaching a screenshot as proof of concept waiting for your response." Note: he just took a screenshot of my client area login page Should i be concerned?
  7. Well i just did but no errors displayed. could it be from the custom payment gateway module?
  8. I upgraded my php version on my server to 7.3 and whmcs broke. NB: i checked php version compatibility in WHMCS first which shows no compatibility errors before upgrading to php 7.3 Oops! Something went wrong and we couldn't process your request. Please go back to the previous page and try again.
  9. I realized port43whois.nic.gh seems to somehow stopped working so i changed to their whois form just like you did and it works fine now. Thanks a lot.
  10. Immediately i did that, i started getting error 503 on all WHMSC pages. They work fine when i delete custom whois.json file. Any suggestions here?
  11. with the custom file do i name it "whois.json" or i can name is lets say "gh.whois.json". Also do i have to duplicate the extensions of "dist.whois.json" to custom file or i just have to list in there the only custom extensions i would like to add.
  12. Never mind guys, i got it . It seems the problem was from the registrar. i realized even their whois page was not resolving but after some hours now it started working.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated