Results 1 to 10 of 16
-
10th Jan 2011, 07:47 PM#1
OPMemberWebsite's:
Elite.SO Defendos.com Motionite.com
Difference between Legit WHMCS & Nulled WHMCS (Explained)
Okay, so I'm making this thread to explain the users about WHMCS nulled.
Let's take the Nulledz WHMCS version: http://nulledz.com/threads/nulledz-w...-l0calh0st.22/
There are 3 files which are nulled of the thousands of files. As example I take "login.php"
This is the ioncube DECODED login.php, check the light yellow code. That code has been removed. That small code will check the license of WHMCS.
Some people, (actually a lot) think that nulled WHMCS are dangerous
I've just removed some small ORIGINAL code which is a license check.
Removed part:PHP Code:<?php
require '../dbconnect.php';
include '../includes/functions.php';
$result = select_query ('tblconfiguration', 'COUNT(*)', array ('setting' => 'License'));
$data = mysql_fetch_array ($result);
if (!$data[0])
{
insert_query ('tblconfiguration', array ('setting' => 'License'));
}
// if ($licenseconnectiontest)
// {
// echo '<strong>License Server Connection Test</strong><br>Result: ';
// $url = 'http://www.whmcs.com/index.php';
// $ch = curl_init ();
// curl_setopt ($ch, CURLOPT_URL, $url);
// curl_setopt ($ch, CURLOPT_TIMEOUT, 30);
// curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// $data = curl_exec ($ch);
// if (curl_error ($ch))
// {
// echo 'Error - ' . curl_error ($ch) . '<br><br>';
// }
// else
// {
// echo 'Success<br><br>';
// }
//
// curl_close ($ch);
// echo '' . 'Data:<br><textarea rows="20" cols="120">' . $data . '</textarea>';
// exit ();
// }
$licensing->remoteCheck ();
if ($licensing->getStatus () != 'Active')
{
header ('Location: licenseerror.php?licenseerror=' . $licensing->getStatus ());
exit ();
}
if (($licensing->keydata['productname'] == 'Owned License' OR $licensing->keydata['productname'] == 'Owned License No Branding'))
{
$releasedate = '20101213';
$validversion = false;
foreach ($licensing->keydata['addons'] as $addon)
{
if ($addon['name'] == 'Support and Updates')
{
if ($releasedate < str_replace ('-', '', $addon['nextduedate']))
{
$validversion = true;
continue;
}
continue;
}
}
if (!$validversion)
{
header ('Location: licenseerror.php?licenseerror=version');
exit ();
}
}
if (($action AND $disableadminforgottenpw))
{
$action = '';
}
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>WHMCS Complete Billing & Support System - Login</title>
';
echo '<s';
echo 'tyle type="text/css">
<!--
body, td, th {
font-family: Tahoma, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #333;
}
body {
background-color: #FFF;
margin: 0;
}
a, a:visited {
color: #000066;
text-decoration: underline;
}
a:hover {
text-decoration: none;
}
form {
margin: 0;
padding: 0;
}
input, select, textarea {
font-family: Tahoma, Arial, Helvetica, sans-';
echo 'serif;
font-size: 11px;
padding: 3px;
}
#login_container {
color: #333;
background-color: #FFF;
text-align: left;
width: 330px;
padding: 1px;
margin: 20px auto 10px auto;
border: 1px solid #CCCCCC;
}
#logo {
text-align: center;
margin: 0;
padding: 50px 0 0 0;
}
#login_container #login {
background-color: #EFEFEF;
text-align: left;
margin: 0;
padding: 10px;
}
';
echo '
#login_container #login_failed {
background-color: #FCF9D2;
text-align: center;
padding: 10px;
margin: 0 0 1px 0;
}
#login_container #extra_info {
background-color: #CCC;
text-align: left;
padding: 10px;
margin: 1px 0 0 0;
}
-->
</style>
';
echo '<s';
echo 'cript language="javascript">
function sf(){ document.frmlogin.username.focus(); }
</script>
</head>
<body';
if (!$action)
{
echo ' onload="sf()"';
}
echo '>
<div id="logo"><a href="login.php"><img src="images/loginlogo.gif" alt="WHMCS" width="205" height="62" border="0" /></a></div>
<div id="login_container">
';
if ($func == 'incorrect')
{
echo ' <div id="login_failed">
';
echo '<s';
echo 'trong>Login Failed. Please Try Again.</strong><br>Your IP has been logged and admins notified of this<br />failed login attempt.
</div>
';
}
if (!$action)
{
echo ' <div id="login">
<form action="dologin.php" method="post" name="frmlogin" id="frmlogin">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="30%" align="right" valign="middle">';
echo '<s';
echo 'trong>Username</strong></td>
<td align="left" valign="middle"><input type="text" name="username" size="30" /></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle">';
echo '<s';
echo 'trong>Password</strong></td>
<td align="left" valign="middle"><input type="password" name="password" size="30" /></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle"><input type="checkbox" name="rememberme" id="rememberme" /></td>
<td align="left" valign="middle"><label for="rememberme" style="cursor:hand">Remember me until I logout.</label></td>
';
echo ' </tr>
<tr>
<td width="30%" align="right" valign="middle"> </td>
<td align="left" valign="middle"><table width="100%" cellpadding="0" cellspacing="0"><tr><td><input type="submit" value="Login" class="button" /></td><td align="right">Language: ';
echo '<s';
echo 'elect name="language"><option value="">Default</option>';
$adminlangs = array ();
$dh = opendir ('lang/');
while (false !== $file = readdir ($dh))
{
if (is_file ('' . 'lang/' . $file))
{
$adminlangs[] = substr ($file, 0, 0 - 4);
continue;
}
}
sort ($adminlangs);
foreach ($adminlangs as $temp)
{
echo ('' . '<option value="' . $temp . '"');
if ($temp == $language)
{
echo ' selected';
}
echo '>' . ucfirst ($temp) . '</option>';
}
closedir ($dh);
echo '</select></td></tr></table></td>
</tr>
</table>
</form>
</div>
';
}
else
{
if (($action == 'remind' AND !$disableadminforgottenpw))
{
if ($sub == 'send')
{
$result = select_query ('tbladmins', '', array ('email' => $email));
$data = mysql_fetch_array ($result);
$firstname = $data['firstname'];
$lastname = $data['lastname'];
$username = $data['username'];
$email = $data['email'];
if (!$email)
{
echo '<div id="login_failed">
';
echo '<s';
echo 'trong>Email Address Not Found</strong><br>Your IP has been logged and admins notified of this<br />failed reminder attempt.
</div>
';
}
else
{
$length = 10;
$seeds = 'ABCDEFGHIJKLMNPQRSTUVYXYZ0123456789abcdefghijklmnopqrstuvwxyz';
$str = null;
$seeds_count = strlen ($seeds) - 1;
$i = 0;
while ($i < $length)
{
$str .= $seeds[rand (0, $seeds_count)];
++$i;
}
$newpassword = $str;
update_query ('tbladmins', array ('password' => md5 ($newpassword)), array ('email' => $email));
$message = '';
if ($CONFIG['LogoURL'])
{
$message = '<p><a href="' . $CONFIG['Domain'] . '" target="_blank"><img src="' . $CONFIG['LogoURL'] . '" alt="' . $CONFIG['CompanyName'] . '" border="0"></a></p>';
}
$message .= '' . '<p>Dear ' . $firstname . ',</p><p>As requested, here is a new password for you to use to login to your WHMCS admin area.</p><p>Login Details<br>-------------------------------<br>Username: ' . $username . '<br>Password: ' . $newpassword . '</p><p>If you did not request this change, you should change your account login details as soon as possible.</p><p><a href="' . $CONFIG['SystemURL'] . ('' . '/' . $customadminpath . '/">') . $CONFIG['SystemURL'] . ('' . '/' . $customadminpath . '/</a></p>');
$mail = new PHPMailer ();
$mail->From = $CONFIG['SystemEmailsFromEmail'];
$mail->FromName = $CONFIG['SystemEmailsFromName'];
$mail->Subject = 'New Password Generated';
$mail->CharSet = $CONFIG['Charset'];
if ($CONFIG['MailType'] == 'mail')
{
$mail->Mailer = 'mail';
}
else
{
if ($CONFIG['MailType'] == 'smtp')
{
$mail->IsSMTP ();
$mail->Host = $CONFIG['SMTPHost'];
$mail->Port = $CONFIG['SMTPPort'];
$mail->Hostname = $_SERVER['SERVER_NAME'];
if ($CONFIG['SMTPSSL'])
{
$mail->SMTPSecure = $CONFIG['SMTPSSL'];
}
if ($CONFIG['SMTPUsername'])
{
$mail->SMTPAuth = true;
$mail->Username = $CONFIG['SMTPUsername'];
$mail->Password = $CONFIG['SMTPPassword'];
}
$mail->Sender = $mail->From;
}
}
if ($smtp_debug)
{
$mail->SMTPDebug = true;
}
$message = $message;
$message_text = str_replace ('</p>', '
', $message);
$message_text = str_replace ('<br>', '
', $message_text);
$message_text = str_replace ('<br />', '
', $message_text);
$message_text = strip_tags ($message_text);
$mail->Body = $message;
$mail->AltBody = $message_text;
$mail->AddAddress ($email);
if (!$mail->Send ())
{
echo '<div id="login_failed"><strong>An Error Occurred</strong><br />There has been an error sending the message></div>';
}
else
{
echo '<div id="login_failed"><strong>Success!</strong><br />A New Password has been Emailed to You</div>';
logActivity ('' . 'New Password Requested for Admin Username ' . $username);
}
$mail->ClearAddresses ();
}
}
echo ' <div id="login">
<form action="login.php" method="post" name="frmlogin" id="frmlogin">
<input type="hidden" name="action" value="remind" />
<input type="hidden" name="sub" value="send" />
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="30%" align="right" valign="middle">';
echo '<s';
echo 'trong>Email</strong></td>
<td align="left" valign="middle"><input type="text" name="email" size="40" /></td>
</tr>
<tr>
<td width="30%" align="right" valign="middle"> </td>
<td align="left" valign="middle"><input type="submit" value="Send Reminder" class="button" /></td>
</tr>
</table>
</form>
</div>
';
}
}
echo ' <div id="extra_info">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="left" valign="middle">IP Logged: ';
echo '<s';
echo 'trong>';
echo $remote_ip;
echo '</strong></td>
<td align="right" valign="middle">Powered by <a href="http://www.whmcs.com/" target="_blank">WHMCS</a></td>
</tr>
</table>
</div>
</div>
<div align="center">';
if ($CONFIG['SystemSSLURL'])
{
echo '<a href="';
echo $CONFIG['SystemSSLURL'] . '/' . $customadminpath;
echo '">Secure SSL Access</a> | ';
}
if (!$disableadminforgottenpw)
{
echo '<a href="login.php?action=remind">Forgot your password?</a>';
}
echo '</div>
</body>
</html>';
?>
I just wanted to clarify this. But be sure you get the nulled WHMCS from a trusted source. (Nulledz.comPHP Code:if ($licenseconnectiontest)
{
echo '<strong>License Server Connection Test</strong><br>Result: ';
$url = 'http://www.whmcs.com/index.php';
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_TIMEOUT, 30);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec ($ch);
if (curl_error ($ch))
{
echo 'Error - ' . curl_error ($ch) . '<br><br>';
}
else
{
echo 'Success<br><br>';
}
curl_close ($ch);
echo '' . 'Data:<br><textarea rows="20" cols="120">' . $data . '</textarea>';
exit ();
}
)
l0calh0st Reviewed by l0calh0st on . Difference between Legit WHMCS & Nulled WHMCS (Explained) Okay, so I'm making this thread to explain the users about WHMCS nulled. Let's take the Nulledz WHMCS version: http://nulledz.com/threads/nulledz-whmcs-v4-4-1-nulled-v1-0-2-by-l0calh0st.22/ There are 3 files which are nulled of the thousands of files. As example I take "login.php" This is the ioncube DECODED login.php, check the light yellow code. That code has been removed. That small code will check the license of WHMCS. Some people, (actually a lot) think that nulled WHMCS are Rating: 5
-
10th Jan 2011, 07:49 PM#2
Member
Erm, okay.
-
10th Jan 2011, 09:06 PM#3
MemberWebsite's:
iHacksRepo.Com WatchDDR.Comthanks for the info
Need Help Regarding Jailbreaks And Unlocks ? PM ME ;)
iDevice : iPhone 3Gs 16GB White (Factory Unlocked) Updated To iOS5 !
-
11th Jan 2011, 12:07 PM#4
Member
Yea the shit going around about nulled whmcs being bad is just crazy. i laughed so hard first time i heard that. Wonder what employee of whmcs got that rumor started?
-
11th Jan 2011, 12:23 PM#5
Member
People use nulled vB/IPB...why not WHMCS?
And why apply the rules to only WHMCS,make a rule like this in katz too? lol...80% of the sites will vanish then
-
11th Jan 2011, 12:28 PM#6
Respected Developer
Website's:
wrzc.orgAre you sure that there are only three parts? I'd have though a script this complex would have far more security checks and callbacks. I've never looked at the source of WHCMS so you could be right but I'd have presumed their would be a lot more.
Tutorial How to SEO your Warez Site a guide to help you increase your organic traffic
Huge list of Warez Sites and free Multiposter Templates
-
11th Jan 2011, 01:20 PM#7
OPMemberWebsite's:
Elite.SO Defendos.com Motionite.com@Happy, in the latest release they only added security in the following files:
Login.php - admin
Login.php - client
Licensefunctions.php
In all those files are callbacks removed like I explained. In every new release WHMCS changes the security in files. So it depends on the version.
Also, if you get the nulled version from an unsecure source you may be hacked because they add malicious codes in their release. Just always check your sources.
-
11th Jan 2011, 01:21 PM#8
Member
I want the newest version of the licensing addon
-
11th Jan 2011, 01:28 PM#9
Too busy :|
Website's:
L337Fx.com BeastieBay.netWell explained
I thought, it might have the callback in more files I never tried decoding the ioncubed files (because I failed to get a good ioncube decoder)
Thanks for this
So nulled WHMCS is safe now if you get it from a good source
-
11th Jan 2011, 01:33 PM#10
OPMemberWebsite's:
Elite.SO Defendos.com Motionite.comYes it depends on the version:
V4.1 had 14 files with security
V4.4 had 3 files with security
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
[Shared] Nulled WHMCS? Get a legit one for free!
By Nick in forum ArchiveReplies: 89Last Post: 13th Jan 2011, 06:38 PM -
Nulled WHMCS
By Daniel in forum VPS Hosting OffersReplies: 0Last Post: 25th Dec 2010, 08:14 PM -
Nulled WHMCS
By Daniel in forum Other Hosting OffersReplies: 0Last Post: 25th Dec 2010, 08:14 PM -
All about nulled WHMCS
By Drag in forum Hosting DiscussionReplies: 23Last Post: 29th Nov 2010, 06:21 AM -
Nulled WHMCS
By SkaterP in forum Webmaster DiscussionReplies: 6Last Post: 14th Nov 2010, 05:08 AM
Staff Online
themaCreator - create posts from...
Version 3.22 released. Open older version (or...