[ask]whmcs user detail change

Discussion in 'Technical and Security Issues' started by el_makong, 27 Oct 2013.

Thread Status:
Not open for further replies.
  1. el_makong

    I'd like to ask: is there a setting to limit users from changing their details?
    So, for example, when a new user registers, they have to be approved first before they can use any service...
    And if a user wants to change their details, that has to be reviewed too...
    Where is that setting?
    Because it looks like it was my turn to get injected...
    Code:
    Client ID: 11 - hos hosting has requested to change his/her details as indicated below:
    
    First Name: 'hos' to 'AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)'
    Last Name: 'hosting' to '1'
    Company Name: 'hosting' to '1'
    Address 1: 'surabaya' to '1'
    Address 2: 'surabaya' to '1'
    City: 'surabaya' to '1'
    State: 'jawa timur' to '1'
    Postcode: '036' to '1'
    Country: 'ID' to 'US'
    Phone Number: '085637282644' to '1'
    Default Payment Method: '' to ''
    
    If you are unhappy with any of the changes, you need to login and revert them - this is the only record of the old details.
    So I just reverted the database and immediately updated to 5.2.12.. luckily there haven't been any active orders this week...>.<


    In addition, a user registered with the email maulanaiqbal549@gmail.com and it looks like they went straight to exploiting.. if anyone knows them, go after them plz...tq
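Added example (not part of the original thread, and not WHMCS code): a Python triage check for detail-change notifications like the one quoted in the post above. It parses the `Field: 'old' to 'new'` lines and flags new values that contain SQL syntax, as well as many fields overwritten with one identical value; the rule set and the names `parse_changes` and `review` are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the notification quoted in the post above (some fields omitted).
NOTIFICATION = """\
First Name: 'hos' to 'AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)'
Last Name: 'hosting' to '1'
Company Name: 'hosting' to '1'
City: 'surabaya' to '1'
Postcode: '036' to '1'
Country: 'ID' to 'US'
Default Payment Method: '' to ''
"""

# Matches "Field: 'old' to 'new'"; the old value ends at the first "' to '".
CHANGE_RE = re.compile(r"^\s*([^:]+): '(.*?)' to '(.*)'\s*$")

# Heuristic indicators of SQL syntax in a profile field (assumed rule set, tune locally).
RULES = {
    "sql_keyword": re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I),
    "function_call": re.compile(r"\b[A-Za-z_]\w*\("),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "assignment": re.compile(r"\b\w+\s*=\s*\("),
    "comment": re.compile(r"--|/\*"),
}

def parse_changes(text):
    """Return [(field, old, new)] for fields whose value actually changed."""
    rows = (CHANGE_RE.match(line) for line in text.splitlines())
    return [m.groups() for m in rows if m and m.group(2) != m.group(3)]

def review(text, bulk_threshold=3):
    """Return {'suspicious': {field: [rule names]}, 'bulk_value': value or None}."""
    changes = parse_changes(text)
    suspicious = {}
    for field, _old, new in changes:
        hits = [name for name, rx in RULES.items() if rx.search(new)]
        if hits:
            suspicious[field] = hits
    # Many fields overwritten with one identical value is a second signal.
    counts = Counter(new for _f, _o, new in changes).most_common(1)
    value, count = counts[0] if counts else (None, 0)
    return {"suspicious": suspicious, "bulk_value": value if count >= bulk_threshold else None}

if __name__ == "__main__":
    print(review(NOTIFICATION))
```

A flagged notification is a reason to review the account and the database, not proof that the injection succeeded.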
     
  2. el_makong

    As for editing user details, I found it in Setup -> General Settings -> Other,
    in the Locked Client Profile Fields section.

    Now what's left is limiting registration..

    Does " Only Auto Provision for Existing Tick this box to always leave orders by new clients pending for manual review (no auto setup/registration) " have any effect on that?
     
  3. dhyhost

    Yesterday I actually had someone like that, using the email abc@yahoo.com,
    and then suddenly they chatted me on YM using that email asking for trial hosting, sigh...
     
  4. localhost

    On my side, I terminate everything right away if there are active services.
     
  5. el_makong

    Well.. if they at least contact you via chat, that's nice... this one suddenly went straight to changing details without any order at all..

    If there's an active service, that's better... since they've paid too... but this was a sketchy registration, and then suddenly there's an SQL command.. pretty bad... terminated right away, restored the db, updated. wakakakka
     
  6. andhi

  7. el_makong

  8. LIMS

    Just untick this one, allow registration without ordering any products/services, in General; it might add a little bit of prevention :D
    then --> in Locked Client Profile Fields, tick username and email

    Hope this helps.
     
  9. sani

    Is this actually still a bug or not? :39:
     