New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WHMCS Exploit, DeJa Vu?
So, So, I just checked WHT and found a post, http://www.webhostingtalk.com/showthread.php?t=1159958
And I just thought I would post it here.
http://forum.whmcs.com/showthread.php?47908-New-0-day-exploit&p=225132#post225132
It's the end of the world as we know it...
Comments
@Jacob it appears this was patched on monday (thank god).... but there are going to be a lot of people that don't patch.
This is a different one or is the guy on WHT just a few days behind..?
This situation is quite confusing now.
chmod 000 whmcsdir/modules/gateways/boleto
You are fixed.
@Jacob it appears the guy on WHT is a few days behind.
Nah, UGNazi is just touting the exploit as new.
interestingly i see a few trys in my logfiles, tried it myself and get as result:
Fatal error: require(): Failed opening required 'boleto_.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/XXXX/modules/gateways/boleto/boleto.php on line 128
So i guess it is secure?
Damn want to test it, anyone a demo/test/whatever installation where I am allowed to run it?
was the DB patch a fix for this?
Did you know that without the proper precautions in place, someone can just go to your WHMCS admin page and type in the password if they know it?
That's it. From now on invoices are sent by horse.