4 posts
  • Collector Level 3
  • United States
  • 3 Years of Membership
  • Exclusive Author
Brashell61
says

Recently I found a security vulnerability in an item on CodeCanyon that allowed anyone with knowledge of the website file path (or using traversals without a WAF or IDS active) to view any PHP file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other than just sit and wait? A simple Google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like it’s meant for marketplace items. Thanks.

3022 posts aspire to create - create to inspire
  • Weekly Top Seller
  • Top Monthly Author
  • Trendsetter
  • Elite Author
+13 more
Creattive
says

Best is to open a support ticket.

If you have already done that, you can contact Envato with your ticket ID via Twitter @envato_support to speed up the process.

Also, you can post your ticket ID in this thread.

Brashell61
says

21516 is the ticket ID

2782 posts
  • Most Wanted Winner
  • Feedback Guru
  • Winner
  • Meetup Participant
+23 more
contrastblack
Envato team
says

Hey Brashell61,

Thanks for your report. Support will be in touch with you shortly on that ticket.
We appreciate your patience and understanding :)

1642 posts
  • Elite Author
  • Featured Author
  • 6 Years of Membership
  • Author Level 10
+8 more
fuelthemes
says

That looks more of a server related issue like file permissions.

4151 posts After Effects Templates
  • Author Level 8
  • Elite Author
  • Top Monthly Author
  • Weekly Top Seller
+12 more
miseld
says

Recently I found a security vulnerability in an item on CodeCanyon that allowed anyone with knowledge of the website file path (or using traversals without a WAF or IDS active) to view any PHP file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other than just sit and wait? A simple Google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like it’s meant for marketplace items. Thanks.

2 days ago I personally sent @Collis a great idea about support for items. If the CEO and developers accept it and implement it, buyers will never ever have a bad user experience, because before you click the purchase button, you will know exactly whether or not you have full support from the author.

For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

Brashell61
says

That looks more of a server related issue like file permissions.

I just successfully tested it on two sites on two servers as well as on localhost. It isn’t a file permission or server related issue. If you could see it, you would understand.

Creattive
says

For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of Envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614

I do give support on all my items, but I’m a VH author. Support is not a full-time job like on TF. We should have that in mind.

miseld
says


For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of Envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614

I do give support on all my items, but I’m a VH author. Support is not a full-time job like on TF. We should have that in mind.

I agree Tobi, but for me support = knowledge. I would hire someone and pay him to develop a WordPress theme, then I could sell it here and earn a fortune + I don’t care about what buyers say, it’s not fair, not moral. We need to let our buyers trust us, to believe in what we do, not to scam them and take $20-$30, even $80.

380 posts
  • Top Monthly Author
  • Elite Author
  • Weekly Top Seller
  • Trendsetter
+7 more
halfdata
says

I would hire someone and pay him to develop a WordPress theme, then I could sell it here and earn a fortune + I don’t care about what buyers say, it’s not fair, not moral. We need to let our buyers trust us, to believe in what we do, not to scam them and take $20-$30, even $80.

I don’t think this scenario is possible. When you get several 1-star ratings, nobody will buy your theme. Moreover, you will lose money, because theme development (which matches ThemeForest criteria) costs more than you earn. Even if you could sell 20 copies until your 1-star rating becomes public, you earn only $500. I’m sure theme development costs more.