New on LowEndTalk? Please Register and read our Community Rules.
Comments
Are you sure it doesn't affect earlier versions? I would say disable access no matter what version you're using unless you have decoded code for your specific version.
Earlier versions are affected.
I'm illiterate apparently, ignore my last comment.
Instead of adding new features perhaps they should focus on hardening the security of what they already have.
I went ahead and submitted tickets to most of the hosts featured on LEB in the last two months who are using WHMCS and haven't disabled it yet. Some say they blocked it with a mod_security rule.
So who got hit?
This has been out for at least 4 hours and I don't understand why we didn't receive an email from WHMCS themselves.
No one I am aware of yet.
You can check this by running this exploit on your own whmcs.
They should have at least tweeted and posted in their blog though...
probably no one left in the office with access to do that, being at cpan conf
Such a strange way to put it in a Tweet.
Setting this rule at mod_security will fix this for now.
You should give that advice to WHMCS themselves. Their vulnerable installation is still online accepting orders. //facepalm
Damn! Fuck off! As soon as I reply to this thread I get attacked! Fuck this shit, who did this to me!
I'm guessing your fix doesn't work then? Best to disable WHMCS.
@Jono20201 It will not work, mod_sec rules already prevent it. However, I took it down as well. Better not to take any risk. Privacy matters.
It's a name of person in Indonesia.
@ErawanArifNugroho Yes IP also from ID
patch released
http://blog.whmcs.com/?t=79427
They released the patch. Just implement it.
It seems only v5.2.7 has been affected.
If the vulnerable code is what I've seen, people need to flee WHMCS in DROVES.
The fact that they explicitly whitelisted something to be unfiltered... that's not able to be called stupidity. That's a backdoor, plain and simple. What's to say they didn't just replace the whitelist with something else that they can easily find?
All 5.x are affected.
That patch came out quickly. I hope they harden the security.
Neat thing Cloudflare did, got this email from them:
Yes, let's block the internets till it's fixed. Such practical advice.
There is already a fix out for this so the whiners who probably don't even use whmcs will have to find something else to whine about.
Yes in 'droves' or gaggles even. Flee everyone flee...lol.
This is awesome... It will be nice if CF would add these 0 day type exploits as soon as they are discovered.
@fapvps Pretty decent response time for software that isn't theirs.