Support A2Billing :

provided by Star2Billing S.L.



All times are UTC




 Post subject: A2billing V1.9.4 Support Ticket Bug.
Posted: Thu Aug 29, 2013 10:54 pm

Joined: Mon May 13, 2013 10:09 pm
Posts: 9
Hi,

I was reconstructing the customer panel today to change the layout and customize the template, and as I started working with the support ticket some lines of code went bad and I realized this:

Any customer can read any support ticket on the system just by changing the header value.
For example:
Customer 'A' created support ticket ID '3'. Customer 'B' created support ticket ID '5'.
If you log in to customer 'A's account, click to view your ticket, the URL would go to:
"http://domain.com/a2billing/customer/A2B_ticket_view.php?id=3"

If you change the GET on that URL to id 5:
"http://domain.com/a2billing/customer/A2B_ticket_view.php?id=5"
You will be able to view the components of this ticket, which belongs to another customer.

The system does not check who initiated each ticket, it just takes the ID, and displays the ticket.
And you can reply to the ticket, and act as if it was your own even though it belongs to another account.

I haven't seen any posts talking about this bug, if any are available please let me know.

Also, if anyone has any developed workaround for this it would be great to share. It is a simple task, but anybody with any information please share to make this easier for me and the community.

Also, would this post get this bug to the A2billing team, or should I submit it someplace else?

Appreciate your time and contribution.
Thanks.
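
The workaround asked about above comes down to an ownership check on every ticket lookup. As an added example (not part of the original post and not A2Billing's own code; the table, column and function names are hypothetical), here is the ID-only query beside one scoped to the logged-in customer, with the reply path reusing the same check:

```php
<?php
declare(strict_types=1);

// Constructed data in an in-memory SQLite database (needs pdo_sqlite).
// Table, column and function names are hypothetical, not A2Billing's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket (id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL, title TEXT)');
$db->exec('CREATE TABLE ticket_reply (ticket_id INTEGER NOT NULL, customer_id INTEGER NOT NULL, body TEXT)');
$db->exec("INSERT INTO ticket VALUES (3, 1, 'Ticket of customer A'), (5, 2, 'Ticket of customer B')");

// Behaviour described in the post: the row is selected by ticket ID alone.
function viewTicketByIdOnly(PDO $db, int $ticketId): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM ticket WHERE id = :id');
    $stmt->execute([':id' => $ticketId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Ownership check: the customer ID comes from the server-side session,
// never from the request, and is part of the WHERE clause.
function viewTicketForCustomer(PDO $db, int $sessionCustomerId, int $ticketId): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM ticket WHERE id = :id AND customer_id = :cid');
    $stmt->execute([':id' => $ticketId, ':cid' => $sessionCustomerId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Replies reuse the same check, so "not yours" is handled exactly like "not found".
function replyToTicket(PDO $db, int $sessionCustomerId, int $ticketId, string $body): bool
{
    if (viewTicketForCustomer($db, $sessionCustomerId, $ticketId) === null) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO ticket_reply VALUES (:tid, :cid, :body)');
    return $stmt->execute([':tid' => $ticketId, ':cid' => $sessionCustomerId, ':body' => $body]);
}

$customerA = 1; // stands in for the ID stored in the session at login
$results = [
    'id-only lookup of ticket 5'     => viewTicketByIdOnly($db, 5),
    'customer A views own ticket 3'  => viewTicketForCustomer($db, $customerA, 3),
    'customer A views ticket 5'      => viewTicketForCustomer($db, $customerA, 5),
    'customer A replies to ticket 5' => replyToTicket($db, $customerA, 5, 'constructed reply'),
    'customer A replies to ticket 3' => replyToTicket($db, $customerA, 3, 'constructed reply'),
];
foreach ($results as $label => $value) {
    echo $label, ': ', json_encode($value), PHP_EOL;
}
```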


 
 Post subject: Re: A2billing V1.9.4 Support Ticket Bug.
Posted: Fri Aug 30, 2013 9:10 am

Joined: Fri Jun 23, 2006 3:56 pm
Posts: 4065
Hi

Can you test and report back with the current version, 2.0.6?

There were a number of security enhancements made to version 2.

Joe


 
 Post subject: Re: A2billing V1.9.4 Support Ticket Bug.
Posted: Sat Aug 31, 2013 1:21 am

Joined: Mon May 13, 2013 10:09 pm
Posts: 9
Hi,

I don't currently have any machine running the new version.

I haven't had any time to test it so far.

Please tell me, is the installation procedure the same for the V2 of A2billing?

Also, if I have time to test I will do so in the near future.

Anyone who reads this with a system running with V2 of A2billing please test and report here.

Thanks,
rshack


 
 Post subject: Re: A2billing V1.9.4 Support Ticket Bug.
Posted: Sat Aug 31, 2013 8:05 am

Joined: Fri Jun 23, 2006 3:56 pm
Posts: 4065
Hi

The procedure is identical to almost any previous version of A2Billing.

You should really be running the latest version as a matter of course.


Joe

