Results 1 to 25 of 396
-
10-24-2013, 08:27 PM #1Junior Guru Wannabe
- Join Date
- Sep 2011
- Location
- USA
- Posts
- 61
WHMCS Exploit October 24 (V5.2.10)
Well another exploit!
Same website as last time had the leak0
-
10-24-2013, 08:28 PM #2Web Hosting Master
- Join Date
- Oct 2010
- Posts
- 3,662
WHMCS Exploit October 24
Another WHMCS exploit has been discovered. You may want to disable access. It may allow for database access.
0
-
10-24-2013, 08:31 PM #3The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
Man, a never ending exploit. Again?
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
0
-
10-24-2013, 08:32 PM #4Web Hosting Master
- Join Date
- Oct 2010
- Posts
- 3,662
0
-
10-24-2013, 08:39 PM #5Web Hosting Master
- Join Date
- Jul 2003
- Posts
- 612
Does the Mod security rules posted by rack911 still work?
0
-
10-24-2013, 08:45 PM #6Web Hosting Master
- Join Date
- Aug 2009
- Location
- Los Angeles
- Posts
- 3,338
The publisher states that he has only released the first portion of the exploit, more may follow even after it has been patched sadly.
0
-
10-24-2013, 08:49 PM #7Newbie
- Join Date
- Mar 2013
- Posts
- 19
WHMCS needs to raise some white flags on their site, and call it quits.
These n00bie hacks will not stop coming until they completely recode their base (which they've already said they will not do).0
-
10-24-2013, 08:50 PM #8Disabled
- Join Date
- Feb 2006
- Location
- Global
- Posts
- 1,642
Oh goody, more fun in store!
We love you WHMCS.0
-
10-24-2013, 08:53 PM #9Junior Guru Wannabe
- Join Date
- Feb 2010
- Location
- Ohio
- Posts
- 94
I'm not sure if i should laugh, or cry.
█ SupremeBytes, LLC
█ Shared hosting, Reseller hosting, Dedicated Servers and Virtual Private Servers.1
-
10-24-2013, 08:53 PM #10The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
0
-
10-24-2013, 08:56 PM #11Web Hosting Master
- Join Date
- Oct 2009
- Posts
- 590
mod_sec crs + last known custom whmcs rules not blocking it
0
-
10-24-2013, 08:57 PM #12Web Hosting Master
- Join Date
- Jul 2003
- Posts
- 612
0
-
10-24-2013, 09:00 PM #13Web Hosting Master
- Join Date
- Oct 2009
- Posts
- 590
Can try add/modify this. It only blocks the specific line posted. A slight modification to that will get around it so needs refinement.
add to top of configuration.php in the whmcs root folder.
if(isset($_REQUEST['invoiceids']) && is_array($_REQUEST['invoiceids'])) { die('no'); }0
-
10-24-2013, 09:02 PM #14Newbie
- Join Date
- Sep 2012
- Location
- Arlington, VA
- Posts
- 25
This is just getting ridiculous at this point.
█ █ █ Nuphix
█ █ █ www.nuphix.com
█ █ █ Computer Services | Hosting Services - Web Development Services1
-
10-24-2013, 09:07 PM #15Web Hosting Master
- Join Date
- Oct 2010
- Posts
- 3,662
Please note that the information on how to obtain the database/manipulate the database HAS been leaked.
1
-
10-24-2013, 09:07 PM #161
-
10-24-2013, 09:10 PM #17Newbie
- Join Date
- Mar 2013
- Posts
- 19
0
-
10-24-2013, 09:18 PM #18Junior Guru
- Join Date
- Oct 2012
- Posts
- 188
WHMCS party never ends!
1
-
10-24-2013, 09:25 PM #19WHT Addict
- Join Date
- Aug 2011
- Location
- Ottawa, Canada
- Posts
- 144
Time to code our own billing system !
I'm not a native English speaker and my writing and (even) understanding of the language is far, far away from fluent.0
-
10-24-2013, 09:26 PM #20Web Hosting Master
- Join Date
- Aug 2004
- Location
- Earth
- Posts
- 8,154
0
-
10-24-2013, 09:28 PM #21Aspiring Evangelist
- Join Date
- Jul 2011
- Location
- Norway
- Posts
- 352
It was "getting ridiculous" a long time ago. Now it's just pathetic. The WHMCS guys really oughta come up with a big, fat apology and then spend every dollar they have in the bank getting their code audited and rebuilt by someone who knows how to code properly.
Oh, and I have a feature request for WHMCS: Build a "plugin" that will export all data from WHMCS to Blesta, ClientExec, HostBill or any of their competitors really. That's about the only product I'm willing to pay WHMCS for right now.1
-
10-24-2013, 09:29 PM #22Web Hosting Master
- Join Date
- Nov 2011
- Location
- Harrisburg, PA
- Posts
- 2,074
Oh good, I was hoping WHMCS wouldn't go a full week without yet another security exploit.
Thanks, WHMCS team, for releasing such a crappy product.▐█▌Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
▐█▌"The only thing better than the world's best customer service is never needing them in the first place."
▐█▌Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates1
-
10-24-2013, 09:30 PM #23WHT Addict
- Join Date
- Aug 2011
- Location
- Ottawa, Canada
- Posts
- 144
0
-
10-24-2013, 09:31 PM #24Web Hosting Master
- Join Date
- Nov 2011
- Location
- Harrisburg, PA
- Posts
- 2,074
We are actively migrating to Blesta as you read this. Their WHMCS importer is about 90% where we need it to be. As much as we love Blesta, if the CE5 importer gets done first, we may go that route instead. We can't keep taking our billing system down every time there's Yet Another WHMCS Exploit (tm).
▐█▌Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
▐█▌"The only thing better than the world's best customer service is never needing them in the first place."
▐█▌Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates1
-
10-24-2013, 09:34 PM #25WHT Addict
- Join Date
- Aug 2011
- Location
- Ottawa, Canada
- Posts
- 144
0
Similar Threads
-
[FEATURED] New WHMCS Exploit
By Aldryic C'boas in forum Hosting Software and Control PanelsReplies: 399Last Post: 10-18-2013, 03:57 PM -
whmcs exploit?
By smerrikin in forum Hosting Software and Control PanelsReplies: 2Last Post: 10-03-2013, 12:04 PM -
WHMCS Exploit?
By Dustin B Cisneros in forum Hosting Software and Control PanelsReplies: 4Last Post: 07-11-2013, 11:02 AM -
New WHMCS Exploit?
By Hoosier Mike in forum Hosting Software and Control PanelsReplies: 41Last Post: 03-26-2013, 08:21 PM