  1. #1

    WHMCS Exploit October 24 (V5.2.10)

    Well, another exploit!
    Same website as last time had the leak.

  2. #2

    WHMCS Exploit October 24

    Another WHMCS exploit has been discovered. You may want to disable access. It may allow for database access.

  3. #3
    Man, a never ending exploit. Again?


  4. #4
    Originally posted by net:
    > Man, a never ending exploit. Again?
    And again, and again!
    --Kelly Clarkson

  5. #5
    Do the mod_security rules posted by rack911 still work?

  6. #6
    The publisher states that he has only released the first portion of the exploit, more may follow even after it has been patched sadly.

  7. #7
    WHMCS needs to raise some white flags on their site, and call it quits.

    These n00bie hacks will not stop coming until they completely recode their base (which they've already said they will not do).

  8. #8
    Oh goody, more fun in store!
    We love you WHMCS.

  9. #9
    I'm not sure if I should laugh, or cry.

  10. #10
    Originally posted by 123Andrew:
    > The publisher states that he has only released the first portion of the exploit, more may follow even after it has been patched sadly.
    That is pretty scary and risky for those companies using WHMCS.

  11. #11
    mod_sec crs + last known custom whmcs rules not blocking it

  12. #12
    Originally posted by mustardman:
    > mod_sec crs + custom whmcs rules not blocking it
    The exploit won't be blocked by mod_security but mod_security should stop any database access attempts. (I'm not sure though, I'm not a security expert)

  13. #13
    Can try adding/modifying this. It only blocks the specific line posted. A slight modification to that will get around it, so it needs refinement.

    Add to the top of configuration.php in the WHMCS root folder.

    if(isset($_REQUEST['invoiceids']) && is_array($_REQUEST['invoiceids'])) { die('no'); }
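
A stricter form of the check in post #13, as an added example that is not part of the thread and not WHMCS code: instead of blocking one input shape, it allows only the shapes assumed to be legitimate and rejects everything else. The function names, the 100-item cap and the assumption that `invoiceids` is either one numeric ID or a flat list of numeric IDs are illustrative and not taken from WHMCS.

```php
<?php
// Added example, not WHMCS code. Assumption: a legitimate `invoiceids` is
// absent, one numeric ID, or a flat list of numeric IDs. Requires PHP 7+.

/** Return true only for the value shapes assumed above. */
function invoiceids_is_acceptable($value): bool
{
    if ($value === null) {
        return true;                    // parameter not supplied
    }
    if (is_string($value)) {
        return ctype_digit($value);     // a single ID, digits only
    }
    if (!is_array($value) || count($value) > 100) {
        return false;                   // unexpected type, or over the arbitrary cap
    }
    foreach ($value as $key => $item) {
        // Keys must be list indexes and items digit-only strings, so a
        // nested array or a named key is rejected.
        if (!is_int($key) || !is_string($item) || !ctype_digit($item)) {
            return false;
        }
    }
    return true;
}

/** Check every input source; what $_REQUEST merges depends on php.ini. */
function invoiceids_guard(array $sources): bool
{
    foreach ($sources as $params) {
        if (!invoiceids_is_acceptable($params['invoiceids'] ?? null)) {
            return false;
        }
    }
    return true;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, printed with the guard's verdict.
    $samples = [['12', '13'], '1042', [['12']], ['id' => '12'], '12abc'];
    foreach ($samples as $sample) {
        echo json_encode($sample), ' => ', var_export(invoiceids_is_acceptable($sample), true), "\n";
    }
} elseif (!invoiceids_guard([$_GET, $_POST, $_COOKIE])) {
    error_log('Rejected malformed invoiceids from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    http_response_code(400);
    exit('Bad request');
}
```

Run from the command line it prints the verdict for each constructed sample; loaded by a web request it answers 400 and logs the client address when the parameter does not match.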

  14. #14
    This is just getting ridiculous at this point.

  15. #15
    Please note that the information on how to obtain the database/manipulate the database HAS been leaked.

  16. #16
    Originally posted by Rifayat Ahmed:
    > This is just getting ridiculous at this point.
    And yet, they do seem to be getting that audit, sort of.
    Tragic, this is.

  17. #17
    Originally posted by bear:
    > And yet, they do seem to be getting that audit, sort of.
    > Tragic, this is.
    Free Audit.. Why pay a consulting firm

  18. #18
    WHMCS party never ends!

  19. #19
    Time to code our own billing system!
    I'm not a native English speaker and my writing and (even) understanding of the language is far, far away from fluent.

  20. #20
    Originally posted by bear:
    > And yet, they do seem to be getting that audit, sort of.
    > Tragic, this is.

    Not good.

  21. #21
    Originally posted by Rifayat Ahmed:
    > This is just getting ridiculous at this point.
    It was "getting ridiculous" a long time ago. Now it's just pathetic. The WHMCS guys really oughta come up with a big, fat apology and then spend every dollar they have in the bank getting their code audited and rebuilt by someone who knows how to code properly.

    Oh, and I have a feature request for WHMCS: Build a "plugin" that will export all data from WHMCS to Blesta, ClientExec, HostBill or any of their competitors really. That's about the only product I'm willing to pay WHMCS for right now.

  22. #22
    Oh good, I was hoping WHMCS wouldn't go a full week without yet another security exploit.

    Thanks, WHMCS team, for releasing such a crappy product.

  23. #23
    Originally posted by UENO:
    > It was "getting ridiculous" a long time ago. Now it's just pathetic. The WHMCS guys really oughta come up with a big, fat apology and then spend every dollar they have in the bank getting their code audited and rebuilt by someone who knows how to code properly.
    >
    > Oh, and I have a feature request for WHMCS: Build a "plugin" that will export all data from WHMCS to Blesta, ClientExec, HostBill or any of their competitors really. That's about the only product I'm willing to pay WHMCS for right now.
    freelancer.com

    Pretty sure someone wants to work for you

  24. #24
    Originally posted by UENO:
    > Oh, and I have a feature request for WHMCS: Build a "plugin" that will export all data from WHMCS to Blesta, ClientExec, HostBill or any of their competitors really. That's about the only product I'm willing to pay WHMCS for right now.
    We are actively migrating to Blesta as you read this. Their WHMCS importer is about 90% where we need it to be. As much as we love Blesta, if the CE5 importer gets done first, we may go that route instead. We can't keep taking our billing system down every time there's Yet Another WHMCS Exploit (tm).

  25. #25
    Originally posted by FRH Lisa:
    > We are actively migrating to Blesta as you read this. Their WHMCS importer is about 90% where we need it to be. As much as we love Blesta, if the CE5 importer gets done first, we may go that route instead. We can't keep taking our billing system down every time there's Yet Another WHMCS Exploit (tm).
    Blesta is good?
