[Invalid] New Exploit

[24khost]

[Link Removed]

 

According to the dasterdly group ugnazi there is another issue!

[Matt]

Thankfully this is what the patch was for on Tuesday but posting the link could be putting more users at risk. Please don't do it.

[24khost]

This was evidently release and poste at webhosting talk also. Just posted 14 minutes ago via ugnazi. Wasn't trying to risk peoples data but it was already floating around and the largest webhosting forum in the world.

[Matt]

The link was not posted on WHT.

[24khost]

Ahh sorry next time won't post a link.

[easyhosting]

This was evidently release and poste at webhosting talk also. Just posted 14 minutes ago via ugnazi. Wasn't trying to risk peoples data but it was already floating around and the largest webhosting forum in the world.

 

that does not mean you have to post the link on this forum, especially when Matt and the team have stated on many posts not to post links to exploits or exploit texts.

[24khost]

I hae not read those forums. I just came back to using whmcs.

[Strother]

Best practice if you learn of an exploit would be to PM Matt to make sure he is aware of it. Then he can decide if action is needed.

 

When you post the link, you just give the other rogues in the gallery something to jack with.

[easyhosting]

Best practice if you learn of an exploit would be to PM Matt to make sure he is aware of it. Then he can decide if action is needed.

 

NO best action is to submit a support ticket

 

When you post the link, you just give the other rogues in the gallery something to jack with.

 

I agree, this is why links will be removed, but by the time it is reported to the time a mod or team members gets to remove it, this coulds have been viewed and copied by thousands of people. so best practice is dont post them.

[disgruntled]

Best practice if you learn of an exploit would be to PM Matt to make sure he is aware of it. Then he can decide if action is needed.

 

When you post the link, you just give the other rogues in the gallery something to jack with.

 

 

Very well said, dont spill it all over the forum, ofcourse you might want to notify us that there is an exploit and its been reported. but you only need to report its severity, im sure matt would do that as soon as its patchable anyway.

[lance]

lots popping up about the boleto thing...... can we just not remove this folder from our installs?

[easyhosting]

lots popping up about the boleto thing...... can we just not remove this folder from our installs?

 

you can if you dont use it

[lance]

easyhosting - thanks for the confirmation

[Strother]

Securing the folder as suggested in Matt's recent security advice would be a better route. It's not the known exploit you have to be afraid of, it's an unknown one!

[lance]

have already secured folders as per the security bulletin, this is just an extra step