Results 26 to 50 of 343
  1. #26
    Join Date
    May 2003
    Location
    San Francisco, CA
    Posts
    1,506
    It's sad that we're having to include dates in these exploit threads just to be able to distinguish them...

  2. #27
    Join Date
    Oct 2009
    Posts
    590
    If you disable client name changes like you should have done after the AES_ENCRYPT exploit, then you should be secure. That is assuming the details in post #4 are true.

  3. #28
    Join Date
    Aug 2009
    Location
    Los Angeles
    Posts
    3,338
    At this rate WHMCS 5.3 will be a security patch rather than a major release

  4. #29
    Join Date
    May 2009
    Posts
    80
    We have disabled client info changes; all changes must be made by ticket. But clients can still create a new profile, and that is still an open door for injection, am I right? Not sure about this, but if yes, then disabling info changes makes no difference.

  5. #30
    I'm seriously considering other software.. this is pretty sad..
    Small Budget Hosting - Starter Hosting, Advanced Hosting - Reseller Hosting

  6. #31
    Join Date
    Mar 2005
    Location
    Ten1/0/2
    Posts
    2,529
    Quote Originally Posted by Jay H View Post
    It's sad that we're having to include dates in these exploit threads just to be able to distinguish them...
    Ain't that the truth! This week I am glad we don't use WHMCS.

    I do have to ask what does the CS stand for? Crappy Software? Complete Shite?
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  7. #32
    Join Date
    Aug 2007
    Posts
    61
    I'm just amazed how many people still use WHMCS. They had a HUGE exploit that got several hosting companies' clientele information leaked (including WHMCS's). They removed the resellers' discounted licensing program so they make every cent (what good did that do besides make more money for these community college dropout developers?). Their encryption of the source code has been cracked since 5.2.7 (might be why these are now being found?), and you have to pay extra to remove the "Powered by WHMCS" crap out of the software, so whenever there is a new exploit, people just have to Google for the copyright phrase to find all of the vulnerable WHMCS installs available on the internet.

  8. #33
    Join Date
    Jul 2013
    Posts
    63
    I guess I really have to move now; this is now like the 3rd patch in the same month or so.

  9. #34
    Join Date
    May 2003
    Location
    San Francisco, CA
    Posts
    1,506
    Quote Originally Posted by desynced View Post
    Their encryption of the source code has been cracked since 5.2.7 (might be why these are now being found?)
    It was decoded well before then.

  10. #35
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,685
    Quote Originally Posted by 123Andrew View Post
    At this rate WHMCS 5.3 will be a security patch rather than a major release
    I'd rather have them patch all the loopholes than release a bunch of new features we don't need.

  11. #36
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Do we send some of these to the WHMCS HQ:

    http://c2.diapers.com/images/product.../jj-019_1z.jpg

  12. #37
    Join Date
    Aug 2007
    Posts
    61
    Quote Originally Posted by Jay H View Post
    It was decoded well before then.
    You are correct, I should have phrased it as the latest source code available (though I see 5.2.9 was available on some forums before mods removed the link).

  13. #38
    Join Date
    Apr 2011
    Location
    Melbourne
    Posts
    93
    Quote Originally Posted by MattF View Post
    It is interest classification but they don't really exist, although granted you'll have plenty of companies offering this service... The best you could do is find a programmer that is willing to do a detailed code review; then I guess the problem is the first thing a decent programmer is going to do is vomit and then walk away due to the potential side effects of attribution. You have to be pretty brave to put a seal of approval on WHMCS. Look at the joke audit SolusVM did; these audits don't inspire confidence, or do they?

    SektionEins is a pretty well known security and auditing company. They are the creators behind Suhosin and have done a number of audits for open source projects.

  14. #39
    Join Date
    Aug 2007
    Posts
    61
    Quote Originally Posted by ketan View Post
    SektionEins is a pretty well known security and auditing company. They are the creators behind Suhosin and have done a number of audits for open source projects.
    Their portfolio leaves a little to be desired. The last public exploit/vulnerability is 04/13/2010?

  15. #40
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    3,262
    WHMCS has lost credibility. It's about time cPanel shares some of the responsibility of this snafu. Next time this needs to be reported as a "cPanel WHMCS exploit." We need cPanel to take over because they have "a financial stake in WHMCS."

  16. #41
    Join Date
    Jan 2011
    Posts
    303
    Is it me, or did the new version break some pages?
    EdenHost.Com - Domains | Shared | Reseller | VPS | VPS Resellers | SSL
    Eden Web+ - We Develop Your Vision | Graphic Designing | Advertising and SEO | Web Designing | Web Development | Server Management | Website Management | Support Services
    Call/Text Us Today! +91-7509-077999 | +1-(828)-330-EDEN

  17. #42
    Reported this one last night, but mods incorrectly closed as a dupe post

    http://www.webhostingtalk.com/showthread.php?t=1314567

  18. #43
    Join Date
    Aug 2007
    Posts
    61
    Quote Originally Posted by iMiMx View Post
    Reported this one last night, but mods incorrectly closed as a dupe post

    http://www.webhostingtalk.com/showthread.php?t=1314567
    Ha! I was just pulling up your post and going to ask if it's the same thing you were referring to.

  19. #44
    Join Date
    Aug 2003
    Location
    Taiwan
    Posts
    1,103
    Quote Originally Posted by prateek View Post
    Is it me, or did the new version break some pages?
    Which page?
    © www.hostinginside.com AS9678 √
    © Taiwan Colocation and Dedicated Server
    © Taiwan, Singapore, US, UK & Germany KVM Based VPS with RAID 10

  20. #45
    Join Date
    Jan 2011
    Posts
    303
    Quote Originally Posted by jenok View Post
    Which page?
    Try searching for a client; the query result may come up with double results.

  21. #46
    Join Date
    Mar 2013
    Posts
    918
    I am shocked another exploit has come up this quick.

  22. #47
    Join Date
    Jan 2011
    Posts
    303
    Quote Originally Posted by Silvatech View Post
    I am shocked another exploit has come up this quick.
    The problem is all of these are not new exploits; these are the same god damn exploit with some tweak.

  23. #48
    Join Date
    Aug 2003
    Location
    Taiwan
    Posts
    1,103
    Quote Originally Posted by prateek View Post
    Try searching for a client; the query result may come up with double results.
    It has been mentioned on the previous version, 5.2.9:

    http://www.webhostingtalk.com/showpo...&postcount=226

  24. #49
    Join Date
    Oct 2013
    Location
    Australia
    Posts
    206
    Time to move ahead! Enough of WHMCS crap

  25. #50
    Join Date
    Mar 2013
    Posts
    918
    Quote Originally Posted by prateek View Post
    The problem is all of these are not new exploits; these are the same god damn exploit with some tweak.
    Totally agree, I suppose I am more shocked at just how easily exploitable it clearly is. I was expecting another issue in weeks, not days.
