Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Select Attempts
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Select Attempts

agoldenbergagoldenberg Member, Host Rep

Any of you other providers seeing a lot of people trying to order services in order to try to hack into your WHMCS install?

I have people registering at least once a day and in their address field are trying to perform a select from the users table..

Comments

  • adxnadxn Member, Host Rep

    Maybe it is a XSS Attack!

  • wychwych Member
    edited February 2015

    Yep but not as often, I'm sure its one of the older WHMCS exploits.

  • agoldenbergagoldenberg Member, Host Rep

    Yeah I never had this happen before. A couple days ago I started seeing them. Looked around for a exploit but I think it's safe for now.

  • perhaps you mean like this @agoldenberg ??

    if this true, i had 10 times and now it's gone

    an old exploit from 2013 http://blog.whmcs.com/?t=79527

    Client ID: 216 - Miger Zone has requested to change his/her details as indicated below:
    
    Address 1: 'cyber' to 'AES_ENCRYPT(1,1), address1= (SELECT MIN(type) FROM tblservers)'
    Address 2: 'team' to 'AES_ENCRYPT(1,1), address2= (SELECT MIN(ipaddress) FROM tblservers)'
    City: 'miger' to 'AES_ENCRYPT(1,1), city= (SELECT MIN(username) FROM tblservers)'
    State: 'CA' to 'AES_ENCRYPT(1,1), state= (SELECT MIN(accesshash) FROM tblservers)'
    Default Payment Method: '' to ''
    If you are unhappy with any of the changes, you need to login and revert them - this is the only record of the old details.
    
    This change request was submitted from tus.tusdns.com (198.154.252.3)
  • agoldenbergagoldenberg Member, Host Rep

    @ndha yeah that's exactly it.

    Thanked by 1Ndha
  • adxnadxn Member, Host Rep

    Just got this mail from my WHMCS!

  • vpsGODvpsGOD Member, Host Rep

    @adxn second client attacker. :(

  • adxnadxn Member, Host Rep

    suraj4u said: @adxn second client attacker. :(

    Yep! It is just a brand new WHMCS!

  • KuJoeKuJoe Member, Host Rep
    edited February 2015

    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    EDIT: @agoldenberg in case you don't get a notification that I replied to the thread.

  • @KuJoe said:
    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    Interesting. It'll be more interesting if the error messages would have something that will p*** the person off.

  • KuJoeKuJoe Member, Host Rep

    @PremiumN said:
    Interesting. It'll be more interesting if the error messages would have something that will p*** the person off.

    You can change the error message if you want, I like to keep it neutral just to be safe.

  • @KuJoe said:
    Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails

    EDIT: agoldenberg in case you don't get a notification that I replied to the thread.

    This should be in WHMCS by default

  • gestiondbigestiondbi Member, Patron Provider

    @nexmark said:
    This should be in WHMCS by default

    @KuJoe , I agree wit nexmark, Why not contact Whmcs to propose your work? :)

    Thanked by 1KuJoe
Sign In or Register to comment.