4 posts
  • Has collected 50+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 3 years
  • Sells items exclusively on Envato Market
Brashell61
says

Recently I found a security vulnerability in an item on CodeCanyon that allowed anyone with knowledge of the website file path (or using traversals without a WAF or IDS active) to view any PHP file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other than just sit and wait? A simple Google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like it’s meant for marketplace items. Thanks.

2988 posts aspire to create - create to inspire
  • Had an item that became a weekly top seller
  • Became a Top 20 Author of the Month
  • Had an item that was trending
  • Elite Author: Sold more than $75,000 on Envato Market
+13 more
Creattive
says

Best is to open a support ticket.

If you have already done that, you can contact Envato with your ticket ID via Twitter @envato_support to speed up the process.

Also, you can post your ticket ID in this thread.

Brashell61
says

21516 is the ticket ID

2778 posts
  • Helped improve Envato sites by detecting a security issue
  • Member of the Envato Team
  • Helped several times protecting Envato Market against copyright violations
  • Taught a course or tutorial on Tuts+
+23 more
contrastblack
Envato team
says

Hey Brashell61,

Thanks for your report. Support will be in touch with you shortly on that ticket.
We appreciate your patience and understanding :)

1628 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Made it to the Authors' Hall of Fame
  • Has been part of the Envato Community for over 6 years
  • Has sold $500,000+ on Envato Market
+8 more
fuelthemes
says

That looks more like a server-related issue, like file permissions.

4136 posts After Effects Templates
  • Had an item that was trending
  • Had an item that became a weekly top seller
  • Became a Top 20 Author of the Month
  • Elite Author: Sold more than $75,000 on Envato Market
+12 more
miseld
says

Recently I found a security vulnerability in an item on CodeCanyon that allowed anyone with knowledge of the website file path (or using traversals without a WAF or IDS active) to view any PHP file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other than just sit and wait? A simple Google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like it’s meant for marketplace items. Thanks.

Two days ago I personally sent @Collis a great idea about support for items. If the CEO and developers accept it and implement it, buyers will never ever have a bad user experience, because before you click the purchase button, you will know exactly whether or not you have full support from the author.

For those who are curious, the difference between you who don’t provide support and us who do is only 1 little shiny badge :)

Brashell61
says

That looks more like a server-related issue, like file permissions.

I just successfully tested it on two sites on two servers as well as on localhost. It isn’t a file permission or server related issue. If you could see it, you would understand.

Creattive
says

For those who are curious, the difference between you who don’t provide support and us who do is only 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of Envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614

I do give support on all my items, but I’m a VH author. Support is not a full-time job like on TF. We should have that in mind.

miseld
says


For those who are curious, the difference between you who don’t provide support and us who do is only 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of Envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614

I do give support on all my items, but I’m a VH author. Support is not a full-time job like on TF. We should have that in mind.

I agree Tobi, but for me support = knowledge. I would hire someone and pay him to develop a WordPress theme, then I could sell it here and earn a fortune + I don’t care about what buyers say, it’s not fair, not moral. We need to let our buyers trust us, to believe in what we do, not to scam them and take $20-$30 even $80.

378 posts
  • Became a Top 20 Author of the Month
  • Elite Author: Sold more than $75,000 on Envato Market
  • Had an item that became a weekly top seller
  • Had an item that was trending
+7 more
halfdata
says

I would hire someone and pay him to develop a WordPress theme, then I could sell it here and earn a fortune + I don’t care about what buyers say, it’s not fair, not moral. We need to let our buyers trust us, to believe in what we do, not to scam them and take $20-$30 even $80.

I don’t think this scenario is possible. When you get several 1-star ratings, nobody will buy your theme. Moreover, you will lose money, because theme development (which matches ThemeForest criteria) costs more than you earn. Even if you could sell 20 copies until your 1-star rating becomes public, you earn only $500. I’m sure theme development costs more.