WHMCS Select Attempts

agoldenberg Member, Host Rep

Any of you other providers seeing a lot of people trying to order services in order to try to hack into your WHMCS install?

I have people registering at least once a day, and in their address field they are trying to perform a select from the users table.

Comments

  • adxn Member, Host Rep

    Maybe it is an XSS attack!

  • wych Member
    edited February 2015

    Yep, but not as often. I'm sure it's one of the older WHMCS exploits.

  • agoldenberg Member, Host Rep

    Yeah, I never had this happen before. A couple days ago I started seeing them. Looked around for an exploit but I think it's safe for now.

  • Perhaps you mean like this, @agoldenberg?

    If this is true, I had it 10 times and now it's gone.

    An old exploit from 2013: http://blog.whmcs.com/?t=79527

    Client ID: 216 - Miger Zone has requested to change his/her details as indicated below:
    
    Address 1: 'cyber' to 'AES_ENCRYPT(1,1), address1= (SELECT MIN(type) FROM tblservers)'
    Address 2: 'team' to 'AES_ENCRYPT(1,1), address2= (SELECT MIN(ipaddress) FROM tblservers)'
    City: 'miger' to 'AES_ENCRYPT(1,1), city= (SELECT MIN(username) FROM tblservers)'
    State: 'CA' to 'AES_ENCRYPT(1,1), state= (SELECT MIN(accesshash) FROM tblservers)'
    Default Payment Method: '' to ''
    If you are unhappy with any of the changes, you need to login and revert them - this is the only record of the old details.
    
    This change request was submitted from tus.tusdns.com (198.154.252.3)
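
The change-request notification quoted above can be screened automatically for values that look like SQL rather than address data. This is an added example, not part of the original post and not WHMCS code; `flag_changes`, the rule names, the MySQL function list and the benign "Address 2" line are constructed for illustration.

```python
import re

# One changed field per line, in the notification's own "Field: 'old' to 'new'" layout.
CHANGE_RE = re.compile(r"^\s*(?P<field>[^:]+):\s*'(?P<old>.*?)' to '(?P<new>.*)'\s*$")

# Constructs that do not belong in a name or postal-address value.
# Rule names and the function list are choices made for this example.
RULES = [
    ("sql-function", re.compile(r"\b(?:aes_encrypt|concat|sleep|benchmark|load_file)\s*\(", re.I)),
    ("subquery", re.compile(r"\(\s*select\b", re.I)),
    ("column-assignment", re.compile(r",\s*\w+\s*=\s*\(")),
    ("whmcs-table", re.compile(r"\bfrom\s+tbl\w+", re.I)),
]

def flag_changes(notification: str) -> dict:
    """Return {field: [rule names]} for each changed field whose new value trips a rule."""
    findings = {}
    for line in notification.splitlines():
        m = CHANGE_RE.match(line)
        if not m:
            continue  # header, footer or free text, not a field change
        hits = [name for name, rx in RULES if rx.search(m["new"])]
        if hits:
            findings[m["field"].strip()] = hits
    return findings

# Two field lines taken from the notification quoted in the thread, plus one
# constructed benign change that contains the words "Select" and "From".
SAMPLE = """\
Address 1: 'cyber' to 'AES_ENCRYPT(1,1), address1= (SELECT MIN(type) FROM tblservers)'
State: 'CA' to 'AES_ENCRYPT(1,1), state= (SELECT MIN(accesshash) FROM tblservers)'
Default Payment Method: '' to ''
Address 2: 'Unit 4' to 'Select House, 12 From Road'
"""

if __name__ == "__main__":
    for field, rules in flag_changes(SAMPLE).items():
        print(f"{field}: {', '.join(rules)}")
```

The rules key on structure (a parenthesised subquery, an injected `column= (` assignment, a `tbl`-prefixed table) rather than bare keywords, which is why the "Select House" address is not flagged.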
  • agoldenberg Member, Host Rep

    @ndha yeah that's exactly it.

    Thanked by 1Ndha
  • adxn Member, Host Rep

    Just got this mail from my WHMCS!

  • vpsGOD Member, Host Rep

    @adxn second client attacker. :(

  • adxn Member, Host Rep

    suraj4u said: @adxn second client attacker. :(

    Yep! It is just a brand new WHMCS!

  • KuJoe Member, Host Rep
    edited February 2015

    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    EDIT: @agoldenberg in case you don't get a notification that I replied to the thread.

  • @KuJoe said:
    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    Interesting. It'll be more interesting if the error messages would have something that will p*** the person off.

  • KuJoe Member, Host Rep

    @PremiumN said:
    Interesting. It'll be more interesting if the error messages would have something that will p*** the person off.

    You can change the error message if you want, I like to keep it neutral just to be safe.

  • @KuJoe said:
    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    EDIT: agoldenberg in case you don't get a notification that I replied to the thread.

    This should be in WHMCS by default

  • gestiondbi Member, Host Rep

    @nexmark said:
    This should be in WHMCS by default

    @KuJoe, I agree with nexmark. Why not contact WHMCS to propose your work? :)

    Thanked by 1KuJoe