Results 1 to 7 of 7
-
4th Dec 2011, 07:48 AM #1OPMemberWebsite's:
KWWHunction.com Google.comWHMCS Security Exploit+Patch
Patch Your WHMCS Before you are HACKED!
CourtesyGlenn Reviewed by Glenn on . WHMCS Security Exploit+Patch Patch Your WHMCS Before you are HACKED! Courtesy Rating: 5Intel Xeon E3 -1240 16 GB DDR3 Ram 4 x 1 TB HDD 1 Gbit 100 TB BW -
Location:Netherlands 185 Euros/Month- PM me to order
-
4th Dec 2011, 08:00 AM #2It begins...
Out of interest, what IS the security issue? That is to say, what does it allow the exploiter to do?
-
4th Dec 2011, 11:37 AM #3Banned
The vulnerable code is located under cart.php which contains:
Code:if ( $a == "add" ) { $templatefile = "configureproductdomain"; ....etc } if ( $a == "login" ) { $templatefile = "login"; ....etc } ... outputClientArea( $templatefile, $nowrapper ); # outputClientArea function will display "./templates/orderforms/cart/{$templatefile}.tpl"
-
4th Dec 2011, 11:42 AM #4Member
It allows attacker to insert a malicious PHP script to WHMcs assuming he can write to any directory inside public_html.
Here is my patch which prevents uploading ANY files inside public_html in case there are other exploits out there.
http://www.besthostingforums.com/10-...tch-whmcs.htmlKnownSRV.com - Quality comes at a price, and we provide it at affordable prices.
PayPal, Skrill(MoneyBookers), Payza(AlertPay), 2CheckOut and LibertyReserve accepted!
-
4th Dec 2011, 01:07 PM #5
-
4th Dec 2011, 02:35 PM #6MemberWebsite's:
servedome.comSo this is what screwed Servedome and Boxslots?
-
8th Dec 2011, 01:59 AM #7MemberWebsite's:
Xentos.nlHigh likely yes, although there is a patch for it and if they are not fast enough to apply the patch there is a big chance it will be used on you.
they can decompile both old and new patched file and find the exploit. that's why it's rather annoying, by the time you receive a mail from whmcs 100.000s people know about it. and there are always one or two who like to exploit it.
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
WHMCS Security Patch Released!
By Rox in forum Hosting DiscussionReplies: 11Last Post: 7th Jun 2012, 01:14 AM -
Security Patch for WHMCS released.
By Exel in forum News & Current EventsReplies: 1Last Post: 29th May 2012, 08:17 PM -
WHMCS Security Patch
By robert420 in forum Hosting DiscussionReplies: 0Last Post: 3rd Dec 2011, 02:04 AM -
WHMCS 4.X Security Patch
By Cory in forum News & Current EventsReplies: 0Last Post: 15th Jun 2011, 07:57 AM -
Security exploit identified in Exim
By DLow in forum Technical and Security TutorialsReplies: 3Last Post: 12th Dec 2010, 10:04 PM
themaManager - edit and manage...
Version 4.18 released. Open older version (or...